@Override public boolean isGranted(long permissions, @NotNull PropertyState property) { return versionablePermission.isGranted(permissions, property); } }
@Override public boolean includeReorder(String destName, String name, NodeState reordered) { // TODO: check access to the dest name, it might not be accessible return getTreePermission().getChildPermission(name, reordered).canRead(); }
@Override public boolean hasChildNode(@NotNull String name) { if (!state.hasChildNode(name)) { return false; } else if (treePermission.canReadAll()) { return true; } else { NodeState child = state.getChildNode(name); return treePermission.getChildPermission(name, child).canRead(); } }
@Override @NotNull public Iterable<? extends ChildNodeEntry> getChildNodeEntries() { if (treePermission.canReadAll()) { // everything is readable including ac-content -> no secure wrapper needed return state.getChildNodeEntries(); } else if (treePermission.canRead()) { Iterable<ChildNodeEntry> readable = transform( state.getChildNodeEntries(), new WrapChildEntryFunction()); return filter(readable, new IterableNodePredicate()); } else { return emptyList(); } }
private void assertVersionPermission(@NotNull TreePermission tp, @NotNull String expectedPath, boolean canRead) throws Exception { assertTrue(tp instanceof VersionTreePermission); assertEquals(canRead, tp.canRead()); assertEquals(canRead, tp.canRead(PropertyStates.createProperty("any", "Value"))); assertEquals(canRead, tp.isGranted(Permissions.READ)); assertEquals(canRead, tp.isGranted(Permissions.READ, PropertyStates.createProperty("any", "Value"))); assertEquals(canRead, tp.canReadProperties()); assertFalse(tp.canReadAll()); VersionTreePermission vtp = (VersionTreePermission) tp; TreePermission delegatee = (TreePermission) vpField.get(vtp); Tree delegateeTree = (Tree) tpImplTree.get(delegatee); assertEquals(expectedPath, delegateeTree.getPath()); }
@Override public boolean apply(@Nullable PropertyState property) { return property != null && treePermission.canRead(property); } }
VersionTreePermission createChildPermission(@Nonnull Tree versionTree) { TreePermission delegatee; if (JCR_FROZENNODE.equals(versionTree.getName()) || NT_NAMES.contains(TreeUtil.getPrimaryTypeName(versionTree))) { delegatee = versionablePermission; } else { delegatee = versionablePermission.getChildPermission(versionTree.getName(), ((ImmutableTree) versionTree).getNodeState()); } return new VersionTreePermission(versionTree, delegatee); }
@Override public boolean canReadProperties() { return versionablePermission.canReadProperties(); }
@Override public boolean canReadAll() { return versionablePermission.canReadAll(); }
@Test public void testCanReadProperties() throws Exception { AccessControlManager acMgr = getAccessControlManager(root); JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList(acMgr, "/test"); acl.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.JCR_READ), true); acl.addEntry(testPrincipal, privilegesFromNames(PrivilegeConstants.REP_READ_PROPERTIES), false); acMgr.setPolicy("/test", acl); root.commit(); TreePermission tp = getTreePermission("/test"); assertFalse(tp.canReadProperties()); assertTrue(tp.canRead()); assertFalse(tp.canReadProperties()); }
@Override public boolean apply(@Nullable PropertyState property) { return property != null && treePermission.canRead(property); } }
VersionTreePermission createChildPermission(@NotNull Tree versionTree) { TreePermission delegatee; if (JCR_FROZENNODE.equals(versionTree.getName()) || NT_NAMES.contains(TreeUtil.getPrimaryTypeName(versionTree))) { delegatee = versionablePermission; } else { delegatee = versionablePermission.getChildPermission(versionTree.getName(), treeProvider.asNodeState(versionTree)); } return new VersionTreePermission(versionTree, delegatee, treeProvider); }
@Override public boolean canReadProperties() { return versionablePermission.canReadProperties(); }
@Override @NotNull public Iterable<? extends ChildNodeEntry> getChildNodeEntries() { if (treePermission.canReadAll()) { // everything is readable including ac-content -> no secure wrapper needed return state.getChildNodeEntries(); } else if (treePermission.canRead()) { Iterable<ChildNodeEntry> readable = transform( state.getChildNodeEntries(), new WrapChildEntryFunction()); return filter(readable, new IterableNodePredicate()); } else { return emptyList(); } }
@Override public boolean canReadAll() { return versionablePermission.canReadAll(); }
@Override public boolean isGranted(long permissions, @Nonnull PropertyState property) { return versionablePermission.isGranted(permissions, property); } }
@Override public boolean includeReorder(String destName, String name, NodeState reordered) { // TODO: check access to the dest name, it might not be accessible return getTreePermission().getChildPermission(name, reordered).canRead(); }
@Override public boolean hasChildNode(@NotNull String name) { if (!state.hasChildNode(name)) { return false; } else if (treePermission.canReadAll()) { return true; } else { NodeState child = state.getChildNode(name); return treePermission.getChildPermission(name, child).canRead(); } }
@Override public boolean apply(@Nullable PropertyState property) { return property != null && treePermission.canRead(property); } }
VersionTreePermission createChildPermission(@NotNull Tree versionTree) { TreePermission delegatee; if (JCR_FROZENNODE.equals(versionTree.getName()) || NT_NAMES.contains(TreeUtil.getPrimaryTypeName(versionTree))) { delegatee = versionablePermission; } else { delegatee = versionablePermission.getChildPermission(versionTree.getName(), treeProvider.asNodeState(versionTree)); } return new VersionTreePermission(versionTree, delegatee, treeProvider); }