34 package info.magnolia.cms.security;
35
36 import javax.jcr.Node;
37 import javax.jcr.NodeIterator;
38 import javax.jcr.PathNotFoundException;
39 import javax.jcr.RepositoryException;
40 import javax.jcr.Session;
41
42 import info.magnolia.cms.core.Content;
43 import info.magnolia.cms.core.ItemType;
44 import info.magnolia.cms.core.Path;
45 import info.magnolia.context.MgnlContext;
46 import info.magnolia.cms.core.HierarchyManager;
47 import info.magnolia.jcr.iterator.SameChildNodeTypeIterator;
48 import info.magnolia.repository.RepositoryConstants;
49
50 import org.slf4j.Logger;
51 import org.slf4j.LoggerFactory;
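/**
 * {@link RoleManager} backed by role nodes in the {@link RepositoryConstants#USER_ROLES} workspace.
 *
 * <p>Each role is a node directly under the workspace root, named after the role. The ACL entries
 * of a role for a given repository live under a child node named {@code acl_<repository>}; every
 * entry carries a {@code path} and a {@code permissions} property.
 *
 * <p>All public operations catch every exception, log it and return {@code null} or return
 * silently, so callers cannot tell a repository failure from "nothing found" or "nothing changed"
 * without reading the log.
 */
public class MgnlRoleManager extends RepositoryBackedSecurityManager implements RoleManager {
    private static final Logger log = LoggerFactory.getLogger(MgnlRoleManager.class);

    /** Prefix of the role child node that holds the ACL entries for one repository. */
    private static final String ACL_NODE_PREFIX = "acl_";

    /** Property of an ACL entry holding the path the entry applies to. */
    private static final String PATH_PROPERTY = "path";

    /** Property of an ACL entry holding the permission value. */
    private static final String PERMISSIONS_PROPERTY = "permissions";

    /**
     * Creates the manager; no state is initialised here.
     */
    public MgnlRoleManager() {
    }

    /**
     * Looks up a role by name.
     *
     * @param name name of the role, resolved as a node directly under the workspace root
     * @return the role, or {@code null} when no such node exists or when the lookup fails
     */
    @Override
    public Role getRole(String name) {
        try {
            Node roleNode = findPrincipalNode(name, MgnlContext.getJCRSession(getRepositoryName()));
            if (roleNode == null) {
                log.debug("can't find role [" + name + "]");
                return null;
            }
            return newRoleInstance(roleNode);
        } catch (Exception e) {
            // NOTE(review): a repository or access failure is reported exactly like a missing role
            // and only at debug level; callers making authorisation decisions cannot distinguish
            // the two cases.
            log.debug("can't find role [" + name + "]", e);
            return null;
        }
    }

    /**
     * Creates a role node under the workspace root and saves it.
     *
     * @param name name of the new role; passed unchanged as the node name
     * @return the created role, or {@code null} when creation fails (the failure is logged)
     */
    @Override
    public Role createRole(String name) {
        try {
            // NOTE(review): name is not validated here; confirm that callers or createContent
            // reject names that are empty or contain path separators.
            Content node = getHierarchyManager().createContent("/", name, ItemType.ROLE.getSystemName());
            getHierarchyManager().save();
            return newRoleInstance(node);
        } catch (Exception e) {
            log.error("can't create role [" + name + "]", e);
            return null;
        }
    }

    /**
     * Builds a role object from a {@link Content} wrapper.
     *
     * @param node content wrapping the role's JCR node
     * @return the role built from the wrapped node
     * @throws RepositoryException if the node cannot be read
     * @deprecated use {@link #newRoleInstance(Node)}
     */
    @Deprecated
    protected MgnlRole newRoleInstance(Content node) throws RepositoryException {
        return newRoleInstance(node.getJCRNode());
    }

    /**
     * Builds a role object from the role's JCR node.
     *
     * @param node the role node
     * @return a role carrying the node's name, its identifier and the values returned by
     *         {@code getACLs(node)} (a method defined outside this class)
     * @throws RepositoryException if the node cannot be read
     */
    protected MgnlRole newRoleInstance(Node node) throws RepositoryException {
        return new MgnlRole(node.getName(), node.getIdentifier(), getACLs(node).values());
    }

    /**
     * Returns the hierarchy manager of the {@link RepositoryConstants#USER_ROLES} workspace.
     *
     * @return the hierarchy manager obtained from the current {@link MgnlContext}
     */
    protected HierarchyManager getHierarchyManager() {
        return MgnlContext.getHierarchyManager(RepositoryConstants.USER_ROLES);
    }

    /**
     * Removes from a role every ACL entry for {@code repository} whose path equals {@code path}
     * and whose permission equals {@code permission}.
     *
     * <p>A role without an ACL node for the repository is left untouched: no empty ACL node is
     * created and nothing is saved. Entries without a {@code path} property are skipped, as they
     * are when permissions are added.
     *
     * @param role role to change, located by its identifier
     * @param repository repository whose ACL is changed
     * @param path path of the entries to remove
     * @param permission permission value to match, or {@link MgnlRole#PERMISSION_ANY} to match any
     */
    @Override
    public void removePermission(Role role, String repository, String path, long permission) {
        try {
            // Same workspace lookup as addPermission, so both act on the same session.
            Session session = MgnlContext.getJCRSession(getRepositoryName());
            Node roleNode = session.getNodeByIdentifier(role.getId());
            String aclNodeName = ACL_NODE_PREFIX + repository;
            if (!roleNode.hasNode(aclNodeName)) {
                // Nothing to revoke; a removal must not create and persist a new ACL node.
                return;
            }
            Node aclNode = roleNode.getNode(aclNodeName);
            NodeIterator children = new SameChildNodeTypeIterator(aclNode);
            while (children.hasNext()) {
                Node child = children.nextNode();
                if (matchesPermission(child, path, permission)) {
                    child.remove();
                }
            }
            session.save();
        } catch (Exception e) {
            // NOTE(review): if this fires after some entries were removed, those removals stay
            // pending in the session and are neither saved nor reverted here; confirm how the
            // session is handled afterwards.
            log.error("can't remove permission", e);
        }
    }

    /**
     * Returns the ACL node of a role for one repository, adding it to the role node when absent.
     *
     * <p>The added node is not saved here; the caller saves the session.
     *
     * @param roleNode the role node
     * @param repository repository name, appended to {@code acl_} to form the node name
     * @return the existing or newly added ACL node
     * @throws RepositoryException if the role node cannot be read or changed
     */
    private Node getAclNode(Node roleNode, String repository) throws RepositoryException, PathNotFoundException,
            AccessDeniedException {
        String aclNodeName = ACL_NODE_PREFIX + repository;
        if (roleNode.hasNode(aclNodeName)) {
            return roleNode.getNode(aclNodeName);
        }
        return roleNode.addNode(aclNodeName, ItemType.CONTENTNODE.getSystemName());
    }

    /**
     * Tells whether an ACL node already holds an entry for the given path and permission.
     *
     * @param aclNode ACL node whose children are inspected
     * @param path path to match
     * @param permission permission value to match, or {@link MgnlRole#PERMISSION_ANY} to match any
     * @return {@code true} when at least one child matches
     * @throws RepositoryException if a child cannot be read
     */
    private boolean existsPermission(Node aclNode, String path, long permission) throws RepositoryException {
        NodeIterator children = aclNode.getNodes();
        while (children.hasNext()) {
            if (matchesPermission(children.nextNode(), path, permission)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tells whether one ACL entry matches the given path and permission.
     *
     * @param entry ACL entry node
     * @param path path to match against the entry's {@code path} property
     * @param permission permission value to match, or {@link MgnlRole#PERMISSION_ANY} to match any
     * @return {@code false} when the entry has no {@code path} property or the path differs;
     *         otherwise whether the permission matches
     * @throws RepositoryException if a property cannot be read, including a missing
     *         {@code permissions} property on an entry whose path matches
     */
    private static boolean matchesPermission(Node entry, String path, long permission) throws RepositoryException {
        if (!entry.hasProperty(PATH_PROPERTY)) {
            return false;
        }
        if (!entry.getProperty(PATH_PROPERTY).getString().equals(path)) {
            return false;
        }
        return permission == MgnlRole.PERMISSION_ANY
                || entry.getProperty(PERMISSIONS_PROPERTY).getLong() == permission;
    }

    /**
     * Adds an ACL entry to a role unless a matching entry already exists.
     *
     * @param role role to change, located by its identifier
     * @param repository repository whose ACL is changed
     * @param path path the new entry applies to
     * @param permission permission value of the new entry
     */
    @Override
    public void addPermission(Role role, String repository, String path, long permission) {
        try {
            Session session = MgnlContext.getJCRSession(getRepositoryName());
            Node roleNode = session.getNodeByIdentifier(role.getId());
            Node aclNode = getAclNode(roleNode, repository);
            if (!this.existsPermission(aclNode, path, permission)) {
                String nodename = Path.getUniqueLabel(session, aclNode.getPath(), "0");
                Node node = aclNode.addNode(nodename, ItemType.CONTENTNODE.getSystemName());
                node.setProperty(PATH_PROPERTY, path);
                node.setProperty(PERMISSIONS_PROPERTY, permission);
                // Saved only when an entry was added; an ACL node added by getAclNode for an
                // entry that turns out to exist cannot occur, since a fresh node has no children.
                session.save();
            }
        } catch (Exception e) {
            log.error("can't add permission", e);
        }
    }

    /**
     * Finds the node of a role by name.
     *
     * @param principalName role name, appended to {@code /} to form an absolute path
     * @param session session on the roles workspace
     * @return the node at that path, or {@code null} when no node exists there
     * @throws RepositoryException if the repository cannot be queried
     */
    @Override
    protected Node findPrincipalNode(String principalName, Session session) throws RepositoryException {
        // NOTE(review): the name is used as a path, so a value containing "/" addresses a
        // descendant node (for example an ACL node below a role) rather than a role at the root.
        // Confirm that callers only pass validated role names.
        String absolutePath = "/" + principalName;
        if (session.nodeExists(absolutePath)) {
            return session.getNode(absolutePath);
        }
        return null;
    }

    /**
     * Names the workspace this manager works on.
     *
     * @return {@link RepositoryConstants#USER_ROLES}
     */
    @Override
    protected String getRepositoryName() {
        return RepositoryConstants.USER_ROLES;
    }

    /**
     * Resolves a role name from a role identifier.
     *
     * @param string identifier of the role
     * @return the result of {@code getResourceName(string)}, a method defined outside this class
     */
    @Override
    public String getRoleNameById(String string) {
        return getResourceName(string);
    }

}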