34 package info.magnolia.cms.security;
35
36 import javax.jcr.Node;
37 import javax.jcr.NodeIterator;
38 import javax.jcr.PathNotFoundException;
39 import javax.jcr.RepositoryException;
40 import javax.jcr.Session;
41
42 import info.magnolia.cms.core.Content;
43 import info.magnolia.cms.core.ItemType;
44 import info.magnolia.cms.core.Path;
45 import info.magnolia.context.MgnlContext;
46 import info.magnolia.cms.core.HierarchyManager;
47 import info.magnolia.jcr.iterator.SameChildNodeTypeIterator;
48 import info.magnolia.repository.RepositoryConstants;
49
50 import org.slf4j.Logger;
51 import org.slf4j.LoggerFactory;
52
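/**
 * {@link RoleManager} implementation that stores roles as JCR nodes in the workspace
 * returned by {@link #getRepositoryName()} ({@link RepositoryConstants#USER_ROLES} here).
 *
 * <p>Each role is a node directly under the workspace root. Its permissions are stored as
 * child nodes of an {@code acl_<repository>} node, each carrying a {@code path} and a
 * {@code permissions} property.
 *
 * <p>The public methods catch every exception, log it and return {@code null} or nothing.
 * Callers therefore cannot tell a failed grant or revocation from a successful one; where
 * that matters, re-read the role afterwards.
 */
public class MgnlRoleManager extends RepositoryBackedSecurityManager implements RoleManager {
    private static final Logger log = LoggerFactory.getLogger(MgnlRoleManager.class);

    /** Prefix of the per-repository ACL container node below a role node. */
    private static final String ACL_NODE_PREFIX = "acl_";

    /** Property of an ACL entry holding the path the entry applies to. */
    private static final String PROPERTY_PATH = "path";

    /** Property of an ACL entry holding the permission value. */
    private static final String PROPERTY_PERMISSIONS = "permissions";

    /** Creates a role manager; no state is initialised here. */
    public MgnlRoleManager() {
    }

    /**
     * Looks up a role by name.
     *
     * @param name name of the role, resolved by {@link #findPrincipalNode(String, Session)}
     * @return the role, or {@code null} if the lookup failed for any reason
     */
    @Override
    public Role getRole(String name) {
        try {
            return newRoleInstance(findPrincipalNode(name, MgnlContext.getJCRSession(getRepositoryName())));
        }
        catch (Exception e) {
            // Logged at debug only: a missing role and a repository failure both end up
            // here and both yield null.
            log.debug("can't find role [" + name + "]", e);
            return null;
        }
    }

    /**
     * Creates a role node under the workspace root and saves it.
     *
     * @param name name of the new role node
     * @return the new role, or {@code null} if creation or saving failed
     */
    @Override
    public Role createRole(String name) {
        try {
            // NOTE(review): name is passed through as the node name without validation
            // here; confirm callers or createContent reject unsuitable names.
            Content node = getHierarchyManager().createContent("/", name, ItemType.ROLE.getSystemName());
            getHierarchyManager().save();
            return newRoleInstance(node);
        }
        catch (Exception e) {
            log.error("can't create role [" + name + "]", e);
            return null;
        }
    }

    /**
     * Builds a role from a {@link Content} wrapper.
     *
     * @param node content wrapper around the role node
     * @return the role built from the underlying JCR node
     * @throws RepositoryException if reading the node fails
     * @deprecated use {@link #newRoleInstance(Node)}
     */
    @Deprecated
    protected MgnlRole newRoleInstance(Content node) throws RepositoryException {
        return newRoleInstance(node.getJCRNode());
    }

    /**
     * Builds a role from its JCR node: node name, node identifier and the values of the
     * map returned by {@code getACLs(node)} (not defined in this class).
     *
     * @param node the role node
     * @return the role
     * @throws RepositoryException if reading the node fails
     */
    protected MgnlRole newRoleInstance(Node node) throws RepositoryException {
        return new MgnlRole(node.getName(), node.getIdentifier(), getACLs(node).values());
    }

    /**
     * Returns the hierarchy manager for {@link RepositoryConstants#USER_ROLES}.
     *
     * @return the hierarchy manager obtained from {@link MgnlContext}
     */
    protected HierarchyManager getHierarchyManager() {
        return MgnlContext.getHierarchyManager(RepositoryConstants.USER_ROLES);
    }

    /**
     * Removes the ACL entries of a role that match the given path and permission.
     *
     * <p>Failures are logged and not reported to the caller, so a revocation that did not
     * take effect is visible only in the log.
     *
     * @param role role to change; resolved by {@code role.getId()}
     * @param repository repository whose ACL node ({@code acl_<repository>}) is edited
     * @param path path an entry must carry to be removed
     * @param permission permission value an entry must carry, or
     *     {@link MgnlRole#PERMISSION_ANY} to remove entries regardless of value
     */
    @Override
    public void removePermission(Role role, String repository, String path, long permission) {
        try {
            // Same workspace as addPermission, so grants and revocations always hit the
            // same store even if a subclass overrides getRepositoryName().
            Session session = MgnlContext.getJCRSession(getRepositoryName());
            Node roleNode = session.getNodeByIdentifier(role.getId());
            String aclNodeName = ACL_NODE_PREFIX + repository;
            // A revocation must not create state: when the role has no ACL node for this
            // repository there is nothing to remove, so none is created.
            if (roleNode.hasNode(aclNodeName)) {
                // NOTE(review): presumably limits iteration to children of the same node
                // type as the ACL node, whereas existsPermission scans all children.
                // Confirm the two are meant to differ.
                NodeIterator children = new SameChildNodeTypeIterator(roleNode.getNode(aclNodeName));
                while (children.hasNext()) {
                    Node child = children.nextNode();
                    if (matchesPermission(child, path, permission)) {
                        child.remove();
                    }
                }
            }
            session.save();
        }
        catch (Exception e) {
            log.error("can't remove permission", e);
        }
    }

    /**
     * Returns the {@code acl_<repository>} child of a role node, adding it as a content
     * node when it does not exist yet. The new node is not saved here.
     *
     * @param roleNode the role node
     * @param repository repository name appended to the {@code acl_} prefix
     * @return the existing or newly added ACL node
     * @throws RepositoryException if the repository access fails
     */
    private Node getAclNode(Node roleNode, String repository) throws RepositoryException, PathNotFoundException,
            AccessDeniedException {
        String aclNodeName = ACL_NODE_PREFIX + repository;
        if (roleNode.hasNode(aclNodeName)) {
            return roleNode.getNode(aclNodeName);
        }
        return roleNode.addNode(aclNodeName, ItemType.CONTENTNODE.getSystemName());
    }

    /**
     * Tells whether one ACL entry matches a path and permission.
     *
     * <p>An entry without a {@code path} property never matches. An entry without a
     * {@code permissions} property matches only {@link MgnlRole#PERMISSION_ANY}, so one
     * malformed entry cannot abort a whole grant or revocation with an exception.
     *
     * @param entry the ACL entry node
     * @param path path to compare with the entry's {@code path} property
     * @param permission permission value to compare, or {@link MgnlRole#PERMISSION_ANY}
     * @return {@code true} if the entry matches
     * @throws RepositoryException if reading the entry fails
     */
    private static boolean matchesPermission(Node entry, String path, long permission) throws RepositoryException {
        if (!entry.hasProperty(PROPERTY_PATH) || !entry.getProperty(PROPERTY_PATH).getString().equals(path)) {
            return false;
        }
        if (permission == MgnlRole.PERMISSION_ANY) {
            return true;
        }
        return entry.hasProperty(PROPERTY_PERMISSIONS)
                && entry.getProperty(PROPERTY_PERMISSIONS).getLong() == permission;
    }

    /**
     * Tells whether any child of the ACL node matches the given path and permission.
     *
     * @param aclNode the ACL node whose children are scanned
     * @param path path to look for
     * @param permission permission value to look for, or {@link MgnlRole#PERMISSION_ANY}
     * @return {@code true} if a matching entry exists
     * @throws RepositoryException if reading the nodes fails
     */
    private boolean existsPermission(Node aclNode, String path, long permission) throws RepositoryException {
        NodeIterator children = aclNode.getNodes();
        while (children.hasNext()) {
            if (matchesPermission(children.nextNode(), path, permission)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Adds an ACL entry to a role unless a matching entry already exists.
     *
     * <p>Failures are logged and not reported to the caller.
     *
     * @param role role to change; resolved by {@code role.getId()}
     * @param repository repository whose ACL node ({@code acl_<repository>}) is edited
     * @param path path stored in the new entry
     * @param permission permission value stored in the new entry
     */
    @Override
    public void addPermission(Role role, String repository, String path, long permission) {
        try {
            Session session = MgnlContext.getJCRSession(getRepositoryName());
            Node roleNode = session.getNodeByIdentifier(role.getId());
            Node aclNode = getAclNode(roleNode, repository);
            if (!this.existsPermission(aclNode, path, permission)) {
                // Entry node names come from Path.getUniqueLabel, seeded with "0".
                String nodename = Path.getUniqueLabel(session, aclNode.getPath(), "0");
                Node node = aclNode.addNode(nodename, ItemType.CONTENTNODE.getSystemName());
                node.setProperty(PROPERTY_PATH, path);
                node.setProperty(PROPERTY_PERMISSIONS, permission);
                session.save();
            }
        }
        catch (Exception e) {
            log.error("can't add permission", e);
        }
    }

    /**
     * Resolves a role name to the node at {@code "/" + principalName}.
     *
     * @param principalName name of the role
     * @param session session on the roles workspace
     * @return the node at that path
     * @throws RepositoryException if the node does not exist or cannot be read
     */
    @Override
    protected Node findPrincipalNode(String principalName, Session session) throws RepositoryException {
        // NOTE(review): the name is concatenated into an absolute path as-is, and nothing
        // here checks that the resolved node is a role node. Confirm names that reach this
        // method cannot contain path separators.
        return session.getNode("/" + principalName);
    }

    /**
     * Returns the workspace this manager reads roles from.
     *
     * @return {@link RepositoryConstants#USER_ROLES}
     */
    @Override
    protected String getRepositoryName() {
        return RepositoryConstants.USER_ROLES;
    }

    /**
     * Resolves a role identifier to its name by delegating to {@code getResourceName}
     * (not defined in this class).
     *
     * @param string the role identifier
     * @return whatever {@code getResourceName} returns for that identifier
     */
    @Override
    public String getRoleNameById(String string) {
        return getResourceName(string);
    }

}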