34 package info.magnolia.setup.initial;
35
36 import info.magnolia.cms.core.Content;
37 import info.magnolia.cms.core.MgnlNodeType;
38 import info.magnolia.module.InstallContext;
39 import info.magnolia.module.delta.AllChildrenNodesOperation;
40 import info.magnolia.module.delta.TaskExecutionException;
41 import info.magnolia.repository.RepositoryConstants;
42
43 import javax.jcr.RepositoryException;
44
45 import org.slf4j.Logger;
46 import org.slf4j.LoggerFactory;
47
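/**
 * Install/update task that creates an {@code acl_uri} node under every role found in the
 * {@link RepositoryConstants#USER_ROLES} workspace and fills it with default URI permissions.
 *
 * <p>Defaults written by this task:
 * <ul>
 *   <li>role named {@code anonymous} on an author instance: {@code /*} is denied;</li>
 *   <li>role named {@code anonymous} on a public instance: {@code /*} is allowed, while
 *       {@code /.magnolia} and {@code /.magnolia/*} are denied;</li>
 *   <li>every other role: {@code /*} is allowed with {@link #ALLOW_ALL}.</li>
 * </ul>
 *
 * <p>NOTE(review): the last rule is a blanket grant. Every pre-existing role other than
 * {@code anonymous} ends up with full URI access, including the {@code /.magnolia} paths that
 * are explicitly denied to anonymous on public instances. That preserves pre-URI-security
 * behaviour, but roles should be reviewed and narrowed after the update.
 */
public class AddURIPermissionsToAllRoles extends AllChildrenNodesOperation {
    // Value stored in the "permissions" property for a full grant.
    // NOTE(review): presumably the bitmask of all permission bits - confirm against the
    // permission constants used by the access manager.
    private static final int ALLOW_ALL = 63;
    // Value stored in the "permissions" property for an explicit deny.
    private static final int DENY = 0;

    private final boolean isAuthorInstance;

    // Logger is bound to this class (the original used the superclass, which mislabelled
    // the origin of messages emitted by this task).
    private static final Logger log = LoggerFactory.getLogger(AddURIPermissionsToAllRoles.class);

    /**
     * @param isAuthorInstance {@code true} when the task runs on an author instance; decides
     *     whether the {@code anonymous} role is denied everything or only the
     *     {@code /.magnolia} paths
     */
    public AddURIPermissionsToAllRoles(boolean isAuthorInstance) {
        super(
            "URI permissions",
            "Introduction of URI-based security. All existing roles will have GET/POST permissions on /*.",
            RepositoryConstants.USER_ROLES,
            "/",
            new Content.ContentFilter() {
                /**
                 * Accepts nodes whose item type is in the {@code mgnl:} namespace, except
                 * metadata nodes.
                 */
                @Override
                public boolean accept(Content content) {
                    try {
                        final String typeName = content.getItemType().getSystemName();
                        if (typeName.equals(MgnlNodeType.NT_METADATA)) {
                            return false;
                        }
                        return typeName.startsWith("mgnl:");
                    } catch (RepositoryException e) {
                        // A node whose type cannot be read is skipped, so that role gets no
                        // acl_uri node from this task. Pass the exception to the logger so
                        // the cause is visible to whoever audits the update log.
                        log.error("Unable to read itemtype for node {}", content.getHandle(), e);
                        return false;
                    }
                }
            });
        this.isAuthorInstance = isAuthorInstance;
    }

    /**
     * Creates the {@code acl_uri} node under the given role node and adds the default
     * permission entries for that role.
     *
     * @param node the role node selected by the filter passed to the superclass
     * @param ctx the install context (not used here)
     * @throws RepositoryException if a node or property cannot be created
     */
    @Override
    protected void operateOnChildNode(Content node, InstallContext ctx) throws RepositoryException, TaskExecutionException {
        final Content uriAcl = node.createContent("acl_uri", MgnlNodeType.NT_CONTENTNODE);

        if (!"anonymous".equals(node.getName())) {
            // Any role other than anonymous: full access to every URI (see class note).
            addPermission(uriAcl, "0", "/*", ALLOW_ALL);
            return;
        }

        if (isAuthorInstance) {
            // Author instances expose nothing to unauthenticated users.
            addPermission(uriAcl, "0", "/*", DENY);
            return;
        }

        // Public instance: anonymous may browse the site but not the /.magnolia paths.
        addPermission(uriAcl, "0", "/*", ALLOW_ALL);
        addPermission(uriAcl, "00", "/.magnolia", DENY);
        addPermission(uriAcl, "01", "/.magnolia/*", DENY);
    }

    /**
     * Adds one permission entry (a content node with {@code path} and {@code permissions}
     * properties) below the given {@code acl_uri} node.
     *
     * @param uriRepoNode the {@code acl_uri} node to add the entry to
     * @param permNodeName name of the entry node to create
     * @param path URI pattern the entry applies to
     * @param value permission value to store, e.g. {@link #ALLOW_ALL} or {@link #DENY}
     * @throws RepositoryException if the node or its properties cannot be created
     */
    private void addPermission(Content uriRepoNode, String permNodeName, String path, long value) throws RepositoryException {
        final Content entry = uriRepoNode.createContent(permNodeName, MgnlNodeType.NT_CONTENTNODE);
        entry.createNodeData("path", path);
        entry.createNodeData("permissions", Long.valueOf(value));
    }
}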