34 package info.magnolia.setup.for5_2;
35
36 import info.magnolia.cms.security.Permission;
37 import info.magnolia.cms.security.Role;
38 import info.magnolia.cms.security.RoleManager;
39 import info.magnolia.cms.security.SecuritySupport;
40 import info.magnolia.cms.security.auth.ACL;
41 import info.magnolia.jcr.util.NodeTypes;
42 import info.magnolia.jcr.util.NodeUtil;
43 import info.magnolia.module.InstallContext;
44 import info.magnolia.module.delta.QueryTask;
45 import info.magnolia.module.delta.TaskExecutionException;
46 import info.magnolia.repository.RepositoryConstants;
47
48 import javax.jcr.Node;
49 import javax.jcr.RepositoryException;
50
51
52
53
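/**
 * Update task that grants each role read access to its own node in the
 * {@link RepositoryConstants#USER_ROLES} workspace.
 *
 * <p>The task queries every node of type {@code NodeTypes.Role.NAME} in that workspace and, for
 * each one, adds a {@link Permission#READ} entry for the pattern {@code "/" + roleName} unless the
 * role's ACL for the workspace already contains an entry matching that pattern.
 *
 * <p>Failures on a single role are reported as install warnings and do not abort the task.
 */
public class GrantReadPermissionToRolesTask extends QueryTask {

    // Resolved in doExecute() before the query runs; operateOnNode() reads it for every role node.
    private RoleManager roleManager;

    /**
     * @param name task name passed through to {@link QueryTask}
     * @param description task description passed through to {@link QueryTask}
     */
    public GrantReadPermissionToRolesTask(String name, String description) {
        // The statement is built from a compile-time constant only; no external input reaches the query.
        super(name, description, RepositoryConstants.USER_ROLES, "select * from [" + NodeTypes.Role.NAME + "] as t ");
    }

    /**
     * Looks up the {@link RoleManager} and then delegates to the query execution of the superclass.
     *
     * @throws RepositoryException propagated from the superclass
     * @throws TaskExecutionException propagated from the superclass
     */
    @Override
    protected void doExecute(InstallContext installContext) throws RepositoryException, TaskExecutionException {
        SecuritySupport securitySupport = SecuritySupport.Factory.getInstance();
        roleManager = securitySupport.getRoleManager();
        super.doExecute(installContext);
    }

    /**
     * Adds a read permission on the role's own path if the role's ACL has no entry matching it.
     *
     * @param installContext receives a warning when the permission cannot be added
     * @param node a role node returned by the query
     */
    @Override
    protected void operateOnNode(InstallContext installContext, Node node) {
        try {
            String roleName = node.getName();
            // NOTE(review): the pattern is built from the node name, not the node path, so it
            // assumes the role sits directly under the workspace root - confirm for nested roles.
            String roleNamePattern = "/" + roleName;
            Role role = roleManager.getRole(roleName);

            if (role == null) {
                // Defensive: never hand a null role to addPermission(); report and continue with the next node.
                installContext.warn("Not able to add read permission to the following role: "
                        + NodeUtil.getNodePathIfPossible(node) + " (role manager returned no role for that name)");
                return;
            }

            ACL aclUserroles = roleManager.getACLs(roleName).get(RepositoryConstants.USER_ROLES);

            if (aclUserroles == null || !hasReadPermission(aclUserroles, roleNamePattern)) {
                roleManager.addPermission(role, RepositoryConstants.USER_ROLES, roleNamePattern, Permission.READ);
            }

        } catch (RepositoryException e) {
            // Keep the cause in the warning so a failed grant can be diagnosed from the install log.
            installContext.warn("Not able to add read permission to the following role: "
                    + NodeUtil.getNodePathIfPossible(node) + " (" + e + ")");
        }
    }

    /**
     * Tells whether the ACL already holds an entry whose pattern matches {@code pattern}.
     *
     * <p>NOTE(review): only the pattern is compared; the permission value of the matching entry is
     * not inspected. An entry that matches the path without granting read would therefore also
     * suppress the grant - confirm that this is intended.
     *
     * @param aclUserroles ACL of the role for the user-roles workspace, never {@code null} here
     * @param pattern path to test against each ACL entry
     * @return {@code true} if at least one entry matches
     */
    private boolean hasReadPermission(ACL aclUserroles, String pattern) {
        for (Permission permission : aclUserroles.getList()) {
            if (permission.match(pattern)) {
                return true;
            }
        }
        return false;
    }

}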