/**
 * Chooses the {@code CompiledPermissions} that will answer access checks for a set of principals.
 * <p>
 * Overridden to return the custom {@code CompiledPermissions}. The decision order matters for
 * authorization: the admin/system test runs before the read-only test, so a principal set that
 * satisfies both is given the admin permissions.
 *
 * @param principals the principals whose effective permissions are requested
 * @return the admin permissions, the read-only permissions, or the permissions compiled for
 *         {@code principals}, in that order of precedence
 * @throws RepositoryException propagated from the helpers called here
 * @see PentahoCompiledPermissionsImpl
 */
@Override
public CompiledPermissions compilePermissions( Set<Principal> principals ) throws RepositoryException {
  // Runs before any authorization decision is made.
  // NOTE(review): presumably rejects use of a provider whose init() has not completed - confirm.
  checkInitialized();

  if ( isAdminOrSystem( principals ) ) {
    return getAdminPermissions();
  }
  if ( isReadOnly( principals ) ) {
    return getReadOnlyPermissions();
  }
  // Everyone else is evaluated against the ACLs through the custom compiled permissions.
  return getCompiledPermissions( principals );
}
/**
 * Reports whether the given principals may read the repository root node.
 * <p>
 * Overridden to use the custom {@code CompiledPermissions}. Admin/system principals are granted
 * access without consulting the ACLs; every other principal set is answered by a read check on
 * the root node id.
 *
 * @param principals the principals to evaluate
 * @return {@code true} for admin/system principals, otherwise the result of the read check on the
 *         root node
 * @throws RepositoryException propagated from the helpers called here
 * @see PentahoCompiledPermissionsImpl
 */
@Override
public boolean canAccessRoot( Set<Principal> principals ) throws RepositoryException {
  checkInitialized();

  if ( isAdminOrSystem( principals ) ) {
    return true;
  }

  final CompiledPermissions compiled = getCompiledPermissions( principals );
  try {
    // No path is supplied; the check is made against the root node id only.
    return compiled.canRead( null, getRootNodeId() );
  } finally {
    // Close the compiled permissions even when the read check throws.
    compiled.close();
  }
}
/**
 * Creates the {@code EntryCollector} on first use and returns the same instance afterwards.
 * <p>
 * Overridden to:
 * <ul>
 * <li>Return a custom {@code EntryCollector} (caching or non-caching, chosen by
 * {@code useCachingEntryCollector}).
 * <li>Keep a reference in this class so the collector can be reached later.
 * </ul>
 * Once a collector exists it is returned as is, whatever {@code systemSession} is passed on the
 * later call.
 *
 * @param systemSession the system session handed to the new collector
 * @return the collector held by this provider
 * @throws RepositoryException if creating or registering the collector fails
 */
@Override
protected EntryCollector createEntryCollector( SessionImpl systemSession ) throws RepositoryException {
  if ( entryCollector == null ) {
    // keep our own private reference; the one in ACLProvider is private
    if ( useCachingEntryCollector ) {
      entryCollector = new CachingPentahoEntryCollector( systemSession, getRootNodeId(), configuration );
      logger.debug( "Using Caching EntryCollector" );
    } else {
      entryCollector = new PentahoEntryCollector( systemSession, getRootNodeId(), configuration );
      logger.debug( "Using Non-Caching EntryCollector" );
    }
    // NOTE(review): presumably this is what lets the collector observe ACL changes, which matters
    // most for the caching variant (stale entries would mean stale access decisions) - confirm.
    registerEntryCollectorWithObservationManager( systemSession );
  }
  return entryCollector;
}
/**
 * Initializes the provider and brings the root ACL up to date.
 * <p>
 * Overridden to:
 * <ul>
 * <li>Store {@code configuration} for later passing to {@link PentahoEntryCollector}.</li>
 * <li>Read the {@code system.cachingEntryCollector} setting; only the exact string {@code "true"}
 * turns the caching collector on.</li>
 * <li>Add JCR_READ_ACCESS_CONTROL to root ACL. This is harmless and avoids more customization.</li>
 * </ul>
 * The statement order is significant: the configuration and the caching flag are set before
 * {@code super.init}, and the provider is marked initialized only after the root ACL update.
 *
 * @param systemSession the system session; it is cast to {@code SessionImpl} for the root ACL update
 * @param conf the provider configuration, stored unchanged
 * @throws RepositoryException if the superclass initialization or the root ACL update fails
 */
@Override
@SuppressWarnings( "rawtypes" )
public void init( final Session systemSession, final Map conf ) throws RepositoryException {
  this.configuration = conf;

  final ISystemConfig systemConfig = PentahoSystem.get( ISystemConfig.class );
  if ( systemConfig != null ) {
    // When no ISystemConfig is available the flag keeps whatever value it already had.
    useCachingEntryCollector = "true".equals( systemConfig.getProperty( "system.cachingEntryCollector" ) );
  }

  super.init( systemSession, conf );

  // original initRootACL should run during super.init call above
  // NOTE(review): the Javadoc calls the added privilege harmless; it lets the grantee read
  // access-control content at the root, so confirm which principal receives it and that ACL
  // contents are not considered sensitive in this deployment.
  final SessionImpl rootAclSession = (SessionImpl) systemSession;
  final ACLEditor rootAclEditor = new ACLEditor( session, this, false /* allowUnknownPrincipals */ );
  updateRootAcl( rootAclSession, rootAclEditor );

  this.initialized = true;
  registerEntryCollectorWithObservationManager( systemSession );
}
/**
 * Steps {@code requireRootAclUpdate} through three stubbed states of the root ACL entry and checks
 * that an update is reported as required until the everyone principal carries the
 * JCR_READ_ACCESS_CONTROL privilege.
 */
@Test
public void testRequireRootAclUpdate() throws Exception {
  // State 1: the entry has no everyone principal, so an update should be required.
  assertTrue( provider.requireRootAclUpdate( editor ) );

  // State 2: the everyone principal is present, but the JCR_READ_ACCESS_CONTROL privilege has not
  // been added yet, so an update should still be required.
  when( aclEntry.getPrincipal() ).thenReturn( everyone );
  assertTrue( provider.requireRootAclUpdate( editor ) );

  // State 3: the everyone principal is present and has the JCR_READ_ACCESS_CONTROL privilege, so
  // no update should be required.
  final Privilege[] grantedPrivileges = { jcrReadAccessControlPriv };
  when( aclEntry.getPrivileges() ).thenReturn( grantedPrivileges );
  assertFalse( provider.requireRootAclUpdate( editor ) );

  // NOTE(review): the mocked entry never stubs whether it is an allow or a deny entry, so this
  // test does not show how requireRootAclUpdate treats a deny entry - confirm against the method.
}
}
/**
 * Builds the mocked repository fixture: a system session, a root node, the everyone principal, the
 * JCR_READ_ACCESS_CONTROL privilege, and a root ACL holding a single entry. The provider under
 * test is created directly and its {@code session} field is set by reflection, so {@code init}
 * is not run here.
 */
@Before
public void setup() throws Exception {
  // Session-level collaborators.
  systemSession = Mockito.mock( SessionImpl.class );
  rootNode = Mockito.mock( NodeImpl.class );
  pMgr = Mockito.mock( PrincipalManager.class );
  acMgr = Mockito.mock( AccessControlManager.class );
  when( systemSession.getRootNode() ).thenReturn( rootNode );
  when( systemSession.getPrincipalManager() ).thenReturn( pMgr );
  when( systemSession.getAccessControlManager() ).thenReturn( acMgr );
  when( rootNode.getPath() ).thenReturn( rootPath );

  // The everyone principal and the privilege the root ACL is expected to carry.
  everyone = Mockito.mock( Principal.class );
  jcrReadAccessControlPriv = Mockito.mock( Privilege.class );
  when( pMgr.getEveryone() ).thenReturn( everyone );
  when( acMgr.privilegeFromName( Privilege.JCR_READ_ACCESS_CONTROL ) ).thenReturn( jcrReadAccessControlPriv );

  // Root ACL: one policy with one entry. The entry's principal and privileges are left unstubbed
  // so that each test can set them.
  editor = Mockito.mock( ACLEditor.class );
  acList = Mockito.mock( ACLTemplate.class );
  aclEntry = Mockito.mock( ACLTemplate.Entry.class );
  final AccessControlPolicy[] rootPolicies = new AccessControlPolicy[] { acList };
  when( editor.getPolicies( rootPath ) ).thenReturn( rootPolicies );
  final AccessControlEntry[] rootEntries = new AccessControlEntry[] { aclEntry };
  when( acList.getAccessControlEntries() ).thenReturn( rootEntries );

  // Inject the mocked session into the provider's private field.
  provider = new PentahoACLProvider();
  Whitebox.setInternalState( provider, "session", systemSession );
}