1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package info.magnolia.module.delta;
35
36 import info.magnolia.cms.security.Role;
37 import info.magnolia.cms.security.RoleManager;
38 import info.magnolia.cms.security.SecuritySupport;
39 import info.magnolia.module.InstallContext;
40
41 import javax.jcr.RepositoryException;
42
43
44
45
46
47 public class RemovePermissionTask extends AbstractRepositoryTask {
48
49 private final String roleName;
50 private final String workspaceName;
51 private final String pathToRemove;
52 private final long permission;
53
54 public RemovePermissionTask(String taskName, String roleName, String workspaceName, String pathToRemove, long permission) {
55 this(taskName, String.format("Remove permission '%s:%s=%d' from role '%s'.", workspaceName, pathToRemove + "*", permission, roleName),
56 roleName, workspaceName, pathToRemove, permission);
57 }
58
59 public RemovePermissionTask(String taskName, String taskDescription, String roleName, String workspaceName, String pathToRemove, long permission) {
60 super(taskName, taskDescription);
61 this.roleName = roleName;
62 this.workspaceName = workspaceName;
63 this.pathToRemove = pathToRemove;
64 this.permission = permission;
65 }
66
67 @Override
68 protected void doExecute(InstallContext ctx) throws RepositoryException, TaskExecutionException {
69 try {
70 final SecuritySupport securitySupport = SecuritySupport.Factory.getInstance();
71 final RoleManager roleManager = securitySupport.getRoleManager();
72 final Role role = roleManager.getRole(roleName);
73
74 if (role != null) {
75 roleManager.removePermission(role, workspaceName, pathToRemove, permission);
76 roleManager.removePermission(role, workspaceName, pathToRemove + "/*", permission);
77 } else {
78 ctx.warn("Role \"" + roleName + "\" not found, can't remove its ACL permission.");
79 }
80 } catch (UnsupportedOperationException e1) {
81 ctx.warn("Can't update role \"" + roleName + "\" due to an unsupported operation exception. This is most likely the case if the roles are managed externally.");
82 }
83 }
84 }