34 package info.magnolia.setup.initial;
35
36 import info.magnolia.cms.core.Content;
37 import info.magnolia.jcr.util.NodeTypes;
38 import info.magnolia.module.InstallContext;
39 import info.magnolia.module.delta.AllChildrenNodesOperation;
40 import info.magnolia.module.delta.TaskExecutionException;
41 import info.magnolia.repository.RepositoryConstants;
42
43 import javax.jcr.RepositoryException;
44
45 import org.slf4j.Logger;
46 import org.slf4j.LoggerFactory;
47
48
49
50
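/**
 * Install task that creates an {@code acl_uri} node holding URI permissions under every
 * role node accepted by the filter built in the constructor.
 *
 * <p>Permissions written by {@link #operateOnChildNode}:
 * <ul>
 *   <li>role named {@code anonymous}, author instance: {@code /*} is denied;</li>
 *   <li>role named {@code anonymous}, public instance: {@code /*} is allowed, while
 *       {@code /.magnolia} and {@code /.magnolia/*} are denied;</li>
 *   <li>every other role: {@code /*} is allowed with {@link #ALLOW_ALL}.</li>
 * </ul>
 *
 * <p>NOTE(review): the restrictive branch is selected only by the literal node name
 * {@code "anonymous"}. A role under any other name receives the blanket {@code /*} grant with
 * no {@code /.magnolia} deny entries, so after this task runs it is worth auditing which roles
 * unauthenticated or low-privilege users actually hold.
 */
public class AddURIPermissionsToAllRoles extends AllChildrenNodesOperation {
    /**
     * Permission value with the six low bits set (0b111111).
     * NOTE(review): presumably Magnolia's "all permissions" mask; confirm against the
     * permission constants, since the task description only mentions GET/POST.
     */
    private static final int ALLOW_ALL = 63;

    /** Permission value with no bits set. */
    private static final int DENY = 0;

    /** Selects the deny-everything variant for the {@code anonymous} role when {@code true}. */
    private final boolean isAuthorInstance;

    // Logger is bound to this class (it was bound to the superclass) so that log lines
    // emitted during this security-relevant task can be attributed to it.
    private static final Logger log = LoggerFactory.getLogger(AddURIPermissionsToAllRoles.class);

    /**
     * Creates the task.
     *
     * <p>The superclass receives {@link RepositoryConstants#USER_ROLES} and {@code "/"}
     * (presumably the workspace and the parent path whose children are visited; confirm
     * against {@code AllChildrenNodesOperation}) together with a filter that accepts only nodes
     * whose item type starts with {@code mgnl:} and is not {@link NodeTypes.MetaData#NAME}.
     *
     * @param isAuthorInstance {@code true} when installing on an author instance
     */
    public AddURIPermissionsToAllRoles(boolean isAuthorInstance) {
        super(
                "URI permissions",
                "Introduction of URI-based security. All existing roles will have GET/POST permissions on /*.",
                RepositoryConstants.USER_ROLES,
                "/",
                new Content.ContentFilter() {
                    @Override
                    public boolean accept(Content content) {
                        try {
                            final String itemType = content.getItemType().getSystemName();

                            return itemType.startsWith("mgnl:") && !itemType.equals(NodeTypes.MetaData.NAME);
                        } catch (RepositoryException e) {
                            // The node is rejected, so no acl_uri node is created for it. Keep the
                            // exception in the log: a role skipped here ends up without the URI
                            // permissions this task was meant to install, and the cause is needed
                            // to follow up.
                            log.error("Unable to read itemtype for node {}", content.getHandle(), e);
                            return false;
                        }
                    }
                });
        this.isAuthorInstance = isAuthorInstance;
    }

    /**
     * Creates the {@code acl_uri} node under {@code node} and fills it with the permission
     * entries that apply to this role (see the class description).
     *
     * <p>NOTE(review): {@code createContent} is called unconditionally; if the role already has
     * an {@code acl_uri} child this presumably fails with a {@link RepositoryException}.
     * Confirm whether the task can ever run twice on the same repository.
     *
     * @param node the role node being processed
     * @param ctx the install context (unused here)
     * @throws RepositoryException if a node or property cannot be created
     * @throws TaskExecutionException declared by the overridden method; not thrown directly here
     */
    @Override
    protected void operateOnChildNode(Content node, InstallContext ctx) throws RepositoryException, TaskExecutionException {
        final Content uriPermissionsNode = node.createContent("acl_uri", NodeTypes.ContentNode.NAME);

        if (!"anonymous".equals(node.getName())) {
            // Any role other than "anonymous": blanket grant on every URI.
            addPermission(uriPermissionsNode, "0", "/*", ALLOW_ALL);
            return;
        }

        if (isAuthorInstance) {
            // Author instance: unauthenticated users get no URI access at all.
            addPermission(uriPermissionsNode, "0", "/*", DENY);
        } else {
            // Public instance: everything is reachable anonymously except the /.magnolia
            // tree. Both the bare path and the wildcard are listed.
            addPermission(uriPermissionsNode, "0", "/*", ALLOW_ALL);
            addPermission(uriPermissionsNode, "00", "/.magnolia", DENY);
            addPermission(uriPermissionsNode, "01", "/.magnolia/*", DENY);
        }
    }

    /**
     * Adds one permission entry: a child node named {@code permNodeName} carrying a
     * {@code path} and a {@code permissions} property.
     *
     * @param uriRepoNode the {@code acl_uri} node to add the entry to
     * @param permNodeName name of the entry node
     * @param path URI pattern the entry applies to
     * @param value permission value stored as a {@link Long}
     * @throws RepositoryException if the node or its properties cannot be created
     */
    private void addPermission(Content uriRepoNode, String permNodeName, String path, long value) throws RepositoryException {
        final Content permNode = uriRepoNode.createContent(permNodeName, NodeTypes.ContentNode.NAME);
        permNode.createNodeData("path", path);
        permNode.createNodeData("permissions", Long.valueOf(value));
    }
}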