34 package info.magnolia.setup.initial;
35
36 import info.magnolia.cms.core.Content;
37 import info.magnolia.jcr.util.NodeTypes;
38 import info.magnolia.module.InstallContext;
39 import info.magnolia.module.delta.AllChildrenNodesOperation;
40 import info.magnolia.module.delta.TaskExecutionException;
41 import info.magnolia.repository.RepositoryConstants;
42
43 import javax.jcr.RepositoryException;
44
45 import org.slf4j.Logger;
46 import org.slf4j.LoggerFactory;
47
48
49
50
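/**
 * Install task that adds an {@code acl_uri} node with URI permission entries to the nodes of the
 * {@code RepositoryConstants.USER_ROLES} workspace that pass the filter built in the constructor.
 *
 * <p>Entries written per role node:
 * <ul>
 *   <li>node named {@code anonymous}, author instance: {@code "/*"} with {@code DENY};</li>
 *   <li>node named {@code anonymous}, other instances: {@code "/*"} with {@code ALLOW_ALL}, plus
 *       {@code "/.magnolia"} and {@code "/.magnolia/*"} with {@code DENY};</li>
 *   <li>every other node: {@code "/*"} with {@code ALLOW_ALL}.</li>
 * </ul>
 *
 * <p>The task description passed to the superclass says all roles receive GET/POST on
 * {@code "/*"}; the anonymous role is the exception, as listed above.
 */
public class AddURIPermissionsToAllRoles extends AllChildrenNodesOperation {
    // NOTE(review): 63 is presumably the full permission bitmask (all six low bits set);
    // confirm against the permission constants of the security module.
    private static final int ALLOW_ALL = 63;
    private static final int DENY = 0;

    private final boolean isAuthorInstance;

    // Logger is named after this task, not the superclass, so that messages about skipped
    // role nodes are attributed to the permission migration in the logs.
    private static final Logger log = LoggerFactory.getLogger(AddURIPermissionsToAllRoles.class);

    /**
     * Builds the task for the {@code USER_ROLES} workspace, starting at {@code "/"}.
     *
     * <p>The filter accepts a node when its item type starts with {@code "mgnl:"} and is not
     * {@code NodeTypes.MetaData.NAME}. It does not check for a specific role node type, so any
     * other {@code mgnl:} node handed to the filter is treated like a role.
     * NOTE(review): confirm which node types the superclass actually visits.
     *
     * @param isAuthorInstance {@code true} to deny the anonymous role on {@code "/*"}; otherwise
     *        the anonymous role is allowed on {@code "/*"} and denied on the
     *        {@code "/.magnolia"} paths
     */
    public AddURIPermissionsToAllRoles(boolean isAuthorInstance) {
        super("URI permissions", "Introduction of URI-based security. All existing roles will have GET/POST permissions on /*.", RepositoryConstants.USER_ROLES, "/", new Content.ContentFilter() {
            @Override
            public boolean accept(Content content) {
                try {
                    final String itemType = content.getItemType().getSystemName();

                    return itemType.startsWith("mgnl:") && !itemType.equals(NodeTypes.MetaData.NAME);
                } catch (RepositoryException e) {
                    // A rejected node gets no acl_uri entries at all, and this log line is the
                    // only trace of that, so the cause is logged together with the node handle.
                    log.error("Unable to read itemtype for node {}", content.getHandle(), e);
                    return false;
                }
            }

        });
        this.isAuthorInstance = isAuthorInstance;
    }

    /**
     * Creates the {@code acl_uri} node below {@code node} and writes the entries for that role.
     *
     * <p>The anonymous role is recognised by node name only ({@code "anonymous"}). All other
     * nodes receive a single {@code ALLOW_ALL} entry on {@code "/*"} with no
     * {@code "/.magnolia"} carve-out, so any narrowing for those roles has to be configured
     * separately after the migration.
     *
     * <p>NOTE(review): {@code createContent} is called unconditionally; whether an existing
     * {@code acl_uri} node makes it fail is not visible here. Confirm before re-running the task
     * on a repository that was already migrated.
     *
     * @param node the role node being processed
     * @param ctx the install context (not used by this implementation)
     * @throws RepositoryException if a node or property cannot be created
     * @throws TaskExecutionException declared by the overridden method; not thrown directly here
     */
    @Override
    protected void operateOnChildNode(Content node, InstallContext ctx) throws RepositoryException, TaskExecutionException {
        final Content uriPermissionsNode = node.createContent("acl_uri", NodeTypes.ContentNode.NAME);
        if ("anonymous".equals(node.getName())) {
            if (isAuthorInstance) {
                addPermission(uriPermissionsNode, "0", "/*", DENY);
            } else {
                // NOTE(review): the two DENY entries only have an effect if the permission
                // evaluation lets them override the ALLOW_ALL entry on "/*"; verify that
                // precedence in the code that reads acl_uri.
                addPermission(uriPermissionsNode, "0", "/*", ALLOW_ALL);
                addPermission(uriPermissionsNode, "00", "/.magnolia", DENY);
                addPermission(uriPermissionsNode, "01", "/.magnolia/*", DENY);
            }
        } else {
            addPermission(uriPermissionsNode, "0", "/*", ALLOW_ALL);
        }
    }

    /**
     * Adds one permission entry: a child node holding a {@code path} and a {@code permissions}
     * property.
     *
     * @param uriRepoNode the {@code acl_uri} node that receives the entry
     * @param permNodeName name of the entry node to create
     * @param path URI pattern stored in the {@code path} property
     * @param value permission value stored as a {@code Long} in the {@code permissions} property
     * @throws RepositoryException if the node or its properties cannot be created
     */
    private void addPermission(Content uriRepoNode, String permNodeName, String path, long value) throws RepositoryException {
        final Content permNode = uriRepoNode.createContent(permNodeName, NodeTypes.ContentNode.NAME);
        permNode.createNodeData("path", path);
        permNode.createNodeData("permissions", Long.valueOf(value));
    }
}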