
1   /**
2    * This file Copyright (c) 2010 Magnolia International
3    * Ltd.  (http://www.magnolia-cms.com). All rights reserved.
4    *
5    *
6    * This file is dual-licensed under both the Magnolia
7    * Network Agreement and the GNU General Public License.
8    * You may elect to use one or the other of these licenses.
9    *
10   * This file is distributed in the hope that it will be
11   * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12   * implied warranty of MERCHANTABILITY or FITNESS FOR A
13   * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14   * Redistribution, except as permitted by whichever of the GPL
15   * or MNA you select, is prohibited.
16   *
17   * 1. For the GPL license (GPL), you can redistribute and/or
18   * modify this file under the terms of the GNU General
19   * Public License, Version 3, as published by the Free Software
20   * Foundation.  You should have received a copy of the GNU
21   * General Public License, Version 3 along with this program;
22   * if not, write to the Free Software Foundation, Inc., 51
23   * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24   *
25   * 2. For the Magnolia Network Agreement (MNA), this file
26   * and the accompanying materials are made available under the
27   * terms of the MNA which accompanies this distribution, and
28   * is available at http://www.magnolia-cms.com/mna.html
29   *
30   * Any modifications to this file must keep this entire header
31   * intact.
32   *
33   */
34  package info.magnolia.setup.for4_3;
35  
36  import info.magnolia.cms.beans.config.ContentRepository;
37  import info.magnolia.cms.core.Content;
38  import info.magnolia.cms.core.ItemType;
39  import info.magnolia.cms.core.MetaData;
40  import info.magnolia.cms.core.Path;
41  import info.magnolia.cms.security.AccessDeniedException;
42  import info.magnolia.cms.security.MgnlUserManager;
43  import info.magnolia.cms.security.Permission;
44  import info.magnolia.cms.util.NodeTypeFilter;
45  import info.magnolia.module.InstallContext;
46  import info.magnolia.module.delta.AllChildrenNodesOperation;
47  import info.magnolia.module.delta.TaskExecutionException;
48  
49  import javax.jcr.PathNotFoundException;
50  import javax.jcr.RepositoryException;
51  
52  import org.slf4j.Logger;
53  import org.slf4j.LoggerFactory;
54  
55  
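/**
 * Update task that narrows the rights each user holds over their own account node.
 *
 * <p>For every user found below the folders of the users repository, the task looks for an
 * ACL entry that grants write access (or more) on {@code <user handle>/*}. Such a wildcard
 * entry also covers the user's own {@code acl_users} sub node, so its holder could edit
 * their own ACL entries. The task deletes that entry and replaces it with one entry per
 * profile property (e-mail, language, last access, password, title) plus the meta data node.
 * Users that had no such wildcard entry are left untouched.
 *
 * @author had
 * @version $Id: $
 *
 */
public class UpdateUserPermissions extends AllChildrenNodesOperation {

    private static final Logger log = LoggerFactory.getLogger(UpdateUserPermissions.class);

    /** Name of the child node of a user that holds the ACL entries this task rewrites. */
    private static final String USERS_ACL_NODE = "acl_users";

    /**
     * Registers the task against the root of the users repository, restricted to folder nodes.
     */
    public UpdateUserPermissions() {
        super("User definition update", "Changes user rights to allow properties updates while preventing user from modifying ACLs unintentionally.", ContentRepository.USERS,  "/", new NodeTypeFilter(ItemType.FOLDER));
    }

    /**
     * Rewrites the self-access ACL entries of every user directly below the given folder.
     *
     * @param node folder node whose user children are processed
     * @param installContext receives a warning for each user node without an ACL node
     * @throws RepositoryException declared by the overridden operation; repository failures
     *         raised inside this method are logged and rethrown as {@link TaskExecutionException}
     * @throws TaskExecutionException if the repository rejects a read, delete or save
     */
    @Override
    public void operateOnChildNode(Content node, InstallContext installContext)
        throws RepositoryException, TaskExecutionException {
        try {
            for (Content user : node.getChildren(ItemType.USER)) {
                String handle = user.getHandle();

                // Check for the ACL node before fetching it: getContent() reports a missing
                // child with PathNotFoundException, which would otherwise land in the catch
                // below and abort the whole task instead of skipping this one account.
                Content acls = user.hasContent(USERS_ACL_NODE) ? user.getContent(USERS_ACL_NODE) : null;
                if (acls == null) {
                    // not a proper user node just skip over.
                    installContext.warn("User " + user.getName() + " doesn't seem to be properly configured. Account path is " + handle + ".");
                    continue;
                }

                String ownSubtree = handle + "/*";
                boolean hadAccess = false;
                for (Content permission : acls.getChildren()) {
                    // remove write access to own node (if found)
                    // NOTE(review): the permission value is compared numerically with
                    // Permission.WRITE; confirm this matches how permission values are
                    // encoded, since a bit-mask would need a mask test instead.
                    if (ownSubtree.equals(permission.getNodeData("path").getString())
                            && permission.getNodeData("permissions").getLong() >= Permission.WRITE) {
                        hadAccess = true;
                        permission.delete();
                        // NOTE(review): only the first matching entry is deleted. A duplicate
                        // entry for the same path would keep the wildcard grant in place;
                        // verify that duplicates cannot occur in the users workspace.
                        break;
                    }
                }

                if (hadAccess) {
                    // those who had access to their nodes should get access to their own props
                    addWrite(handle, MgnlUserManager.PROPERTY_EMAIL, acls);
                    addWrite(handle, MgnlUserManager.PROPERTY_LANGUAGE, acls);
                    addWrite(handle, MgnlUserManager.PROPERTY_LASTACCESS, acls);
                    addWrite(handle, MgnlUserManager.PROPERTY_PASSWORD, acls);
                    addWrite(handle, MgnlUserManager.PROPERTY_TITLE, acls);
                    // and of course the meta data
                    addWrite(handle, MetaData.DEFAULT_META_NODE, acls);
                    // The deletion and the new entries are persisted together, per user.
                    acls.save();
                }
            }
        } catch (RepositoryException e) {
            log.error(e.getMessage(), e);
            // Keep the cause attached so the caller can see which repository call failed.
            throw new TaskExecutionException("Failed to update user permissions. See log file for more details.", e);
        }
    }

    /**
     * Creates a new ACL entry below {@code acls} for {@code parentPath/property}.
     *
     * <p>Despite the method name, the entry is written with {@link Permission#ALL}, not with
     * {@link Permission#WRITE}. The entry is not saved here; the caller saves {@code acls}.
     *
     * @param parentPath handle of the user node the entry refers to
     * @param property name of the property or sub node the entry grants access to
     * @param acls ACL node that receives the new entry
     * @return the newly created, unsaved ACL entry
     */
    private Content addWrite(String parentPath, String property, Content acls) throws PathNotFoundException, RepositoryException, AccessDeniedException {
        String entryName = Path.getUniqueLabel(acls.getHierarchyManager(), acls.getHandle(), "0");
        Content acl = acls.createContent(entryName, ItemType.CONTENTNODE);
        acl.setNodeData("path", parentPath + "/" + property);
        // Long.valueOf replaces the deprecated Long constructor; the stored value is the same.
        acl.setNodeData("permissions", Long.valueOf(Permission.ALL));
        return acl;
    }
}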