34 package info.magnolia.cms.security;
35
36 import javax.jcr.Node;
37 import javax.jcr.NodeIterator;
38 import javax.jcr.PathNotFoundException;
39 import javax.jcr.RepositoryException;
40 import javax.jcr.Session;
41
42 import info.magnolia.cms.core.Content;
43 import info.magnolia.cms.core.ItemType;
44 import info.magnolia.cms.core.Path;
45 import info.magnolia.context.MgnlContext;
46 import info.magnolia.cms.core.HierarchyManager;
47 import info.magnolia.repository.RepositoryConstants;
48
49 import org.slf4j.Logger;
50 import org.slf4j.LoggerFactory;
51
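/**
 * JCR-backed {@link RoleManager}. Roles are nodes directly below the root of the workspace returned by
 * {@link #getRepositoryName()}; the permissions of a role are child nodes of a per-workspace
 * {@code acl_<repository>} node, each carrying a {@code path} and a {@code permissions} property.
 *
 * <p>Security-relevant behaviour of this class as written:
 * <ul>
 * <li>Every public method catches {@link Exception}, logs it and returns normally (or {@code null}).
 * Callers therefore cannot tell a failed grant or revocation from a successful one, nor a missing role
 * from a repository or access error; they have to re-read the ACL when the outcome matters.</li>
 * <li>No authorization check is performed here. NOTE(review): presumably the JCR session obtained from
 * {@code MgnlContext} enforces who may modify roles; confirm.</li>
 * <li>Role names and ACL paths are used as given; no validation is visible in this class.</li>
 * </ul>
 */
public class MgnlRoleManager extends RepositoryBackedSecurityManager implements RoleManager {
    private static final Logger log = LoggerFactory.getLogger(MgnlRoleManager.class);

    /**
     * Creates a role manager; no state is initialised here.
     */
    public MgnlRoleManager() {
    }

    /**
     * Looks up a role by name.
     *
     * @param name the role name, resolved by {@link #findPrincipalNode(String, Session)}
     * @return the role, or {@code null} when the lookup fails for any reason (the cause is logged at
     *         debug level only, so access or repository errors look the same as "no such role")
     */
    @Override
    public Role getRole(String name) {
        try {
            return newRoleInstance(findPrincipalNode(name, MgnlContext.getJCRSession(getRepositoryName())));
        }
        catch (Exception e) {
            log.debug("can't find role [" + name + "]", e);
            return null;
        }
    }

    /**
     * Creates a role node below the workspace root and saves it.
     *
     * @param name the name of the new role node; it is not validated here.
     *             NOTE(review): presumably the repository rejects illegal node names; confirm.
     * @return the new role, or {@code null} when creation fails (the cause is logged at error level)
     */
    @Override
    public Role createRole(String name) {
        try {
            Content node = getHierarchyManager().createContent("/", name, ItemType.ROLE.getSystemName());
            getHierarchyManager().save();
            return newRoleInstance(node);
        }
        catch (Exception e) {
            log.error("can't create role [" + name + "]", e);
            return null;
        }
    }

    /**
     * Builds a role from a {@link Content} wrapper by unwrapping its JCR node.
     *
     * @deprecated use {@link #newRoleInstance(Node)}
     */
    @Deprecated
    protected MgnlRole newRoleInstance(Content node) throws RepositoryException {
        return newRoleInstance(node.getJCRNode());
    }

    /**
     * Builds a role from its JCR node: node name, node identifier and the values of
     * {@code getACLs(node)} (a method not defined in this class).
     *
     * @throws RepositoryException if the node cannot be read
     */
    protected MgnlRole newRoleInstance(Node node) throws RepositoryException {
        return new MgnlRole(node.getName(), node.getIdentifier(), getACLs(node).values());
    }

    /**
     * Returns the hierarchy manager of the user-roles workspace, as provided by {@code MgnlContext}.
     */
    protected HierarchyManager getHierarchyManager() {
        return MgnlContext.getHierarchyManager(RepositoryConstants.USER_ROLES);
    }

    /**
     * Revokes a permission: removes every ACL entry of the role whose {@code path} equals {@code path}
     * and whose {@code permissions} value equals {@code permission}, or any value when
     * {@code permission} is {@link MgnlRole#PERMISSION_ANY}.
     *
     * <p>Failures are logged and swallowed; the method gives no indication that a revocation did not
     * take effect.
     *
     * @param role       the role to modify, located by its identifier
     * @param repository the workspace whose {@code acl_<repository>} node is searched
     * @param path       the exact path value of the entries to remove
     * @param permission the permission value to match, or {@link MgnlRole#PERMISSION_ANY}
     */
    @Override
    public void removePermission(Role role, String repository, String path, long permission) {
        try {
            // Same workspace as addPermission(), so a grant and its revocation cannot diverge.
            Session session = MgnlContext.getJCRSession(getRepositoryName());
            Node roleNode = session.getNodeByIdentifier(role.getId());
            if (!roleNode.hasNode("acl_" + repository)) {
                // Nothing to revoke. Do not create and persist an empty ACL node as a side effect of a
                // removal, which is what going through getAclNode() would do.
                return;
            }
            NodeIterator children = roleNode.getNode("acl_" + repository).getNodes();
            while (children.hasNext()) {
                Node child = children.nextNode();
                // aclEntryMatches() skips entries that lack a property instead of throwing: one
                // malformed sibling must not abort the whole revocation before session.save().
                if (aclEntryMatches(child, path, permission)) {
                    child.remove();
                }
            }
            session.save();
        }
        catch (Exception e) {
            // NOTE(review): removals made before the failure stay pending in the session, unsaved.
            // Whether a later save() on the same session can persist them depends on how MgnlContext
            // scopes sessions, which is not visible here; confirm.
            log.error("can't remove permission", e);
        }
    }

    /**
     * Returns the {@code acl_<repository>} child of the role node, adding it when it does not exist.
     * A node added here is not saved by this method; the caller saves the session.
     */
    private Node getAclNode(Node roleNode, String repository) throws RepositoryException, PathNotFoundException,
            AccessDeniedException {
        Node aclNode;
        if (!roleNode.hasNode("acl_" + repository)) {
            aclNode = roleNode.addNode("acl_" + repository, ItemType.CONTENTNODE.getSystemName());
        }
        else {
            aclNode = roleNode.getNode("acl_" + repository);
        }
        return aclNode;
    }

    /**
     * Tells whether the ACL node already holds an entry for {@code path} with the given permission
     * (any permission when {@code permission} is {@link MgnlRole#PERMISSION_ANY}).
     */
    private boolean existsPermission(Node aclNode, String path, long permission) throws RepositoryException {
        NodeIterator children = aclNode.getNodes();
        while (children.hasNext()) {
            if (aclEntryMatches(children.nextNode(), path, permission)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether one ACL entry node matches a path and permission. An entry without a {@code path}
     * property never matches; an entry without a {@code permissions} property matches only
     * {@link MgnlRole#PERMISSION_ANY}.
     */
    private boolean aclEntryMatches(Node entry, String path, long permission) throws RepositoryException {
        if (!entry.hasProperty("path") || !entry.getProperty("path").getString().equals(path)) {
            return false;
        }
        if (permission == MgnlRole.PERMISSION_ANY) {
            return true;
        }
        return entry.hasProperty("permissions") && entry.getProperty("permissions").getLong() == permission;
    }

    /**
     * Grants a permission: adds an ACL entry with the given path and permission to the role's
     * {@code acl_<repository>} node (created on demand) unless a matching entry already exists.
     *
     * <p>Failures are logged and swallowed; the method gives no indication that a grant did not take
     * effect. The {@code path} value is stored as given.
     *
     * @param role       the role to modify, located by its identifier
     * @param repository the workspace the permission applies to
     * @param path       the path value stored in the new entry
     * @param permission the permission value stored in the new entry
     */
    @Override
    public void addPermission(Role role, String repository, String path, long permission) {
        try {
            Session session = MgnlContext.getJCRSession(getRepositoryName());
            Node roleNode = session.getNodeByIdentifier(role.getId());
            Node aclNode = getAclNode(roleNode, repository);
            if (!this.existsPermission(aclNode, path, permission)) {
                String nodename = Path.getUniqueLabel(session, aclNode.getPath(), "0");
                Node node = aclNode.addNode(nodename, ItemType.CONTENTNODE.getSystemName());
                node.setProperty("path", path);
                node.setProperty("permissions", permission);
                session.save();
            }
        }
        catch (Exception e) {
            // NOTE(review): nodes added before the failure stay pending in the session, unsaved;
            // confirm how MgnlContext scopes sessions before relying on them being discarded.
            log.error("can't add permission", e);
        }
    }

    /**
     * Resolves a role name to the node at {@code "/" + principalName}.
     *
     * <p>The name is concatenated into an absolute path without validation, so a name containing
     * {@code /} addresses a descendant node rather than a top-level role.
     * NOTE(review): confirm that callers only pass plain role names.
     *
     * @throws RepositoryException if no node exists at that path or it cannot be read
     */
    @Override
    protected Node findPrincipalNode(String principalName, Session session) throws RepositoryException {
        return session.getNode("/" + principalName);
    }

    /**
     * Returns the workspace holding the role nodes, {@link RepositoryConstants#USER_ROLES}.
     */
    @Override
    protected String getRepositoryName() {
        return RepositoryConstants.USER_ROLES;
    }

    /**
     * Returns the role name for a role identifier by delegating to {@code getResourceName(String)},
     * which is not defined in this class.
     */
    @Override
    public String getRoleNameById(String string) {
        return getResourceName(string);
    }

}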