public ItemState getCanonicalItemState(ItemId id) throws NoSuchItemStateException, ItemStateException { try { if (!accessManager.isGranted(id, AccessManager.READ)) { return null; } } catch (RepositoryException ex) { return null; } return super.getItemState(id); }
private void checkPermission(NodeImpl node, Name childName, int perm) throws RepositoryException { if (perm > Permission.NONE) { SessionImpl sImpl = (SessionImpl) node.getSession(); AccessManager acMgr = sImpl.getAccessManager(); boolean isGranted = acMgr.isGranted(node.getPrimaryPath(), childName, perm); if (!isGranted) { throw new AccessDeniedException("Permission denied."); } } }
private void checkPermission(NodeImpl node, Name childName, int perm) throws RepositoryException { if (perm > Permission.NONE) { SessionImpl sImpl = (SessionImpl) node.getSession(); AccessManager acMgr = sImpl.getAccessManager(); boolean isGranted = acMgr.isGranted(node.getPrimaryPath(), childName, perm); if (!isGranted) { throw new AccessDeniedException("Permission denied."); } } }
/** * Verifies that the node at <code>nodePath</code> can be read. The * following conditions must hold true: * <ul> * <li>the node must exist</li> * <li>the current session must be granted read access on it</li> * </ul> * * @param nodePath path of node to check * @throws PathNotFoundException if no node exists at * <code>nodePath</code> of the current * session is not granted read access * to the specified path * @throws RepositoryException if another error occurs */ public void verifyCanRead(Path nodePath) throws PathNotFoundException, RepositoryException { // access rights // make sure current session is granted read access on node AccessManager accessMgr = context.getAccessManager(); if (!accessMgr.isGranted(nodePath, Permission.READ)) { throw new PathNotFoundException(safeGetJCRPath(nodePath)); } }
/** * Verifies that the node at <code>nodePath</code> can be read. The * following conditions must hold true: * <ul> * <li>the node must exist</li> * <li>the current session must be granted read access on it</li> * </ul> * * @param nodePath path of node to check * @throws PathNotFoundException if no node exists at * <code>nodePath</code> of the current * session is not granted read access * to the specified path * @throws RepositoryException if another error occurs */ public void verifyCanRead(Path nodePath) throws PathNotFoundException, RepositoryException { // access rights // make sure current session is granted read access on node AccessManager accessMgr = context.getAccessManager(); if (!accessMgr.isGranted(nodePath, Permission.READ)) { throw new PathNotFoundException(safeGetJCRPath(nodePath)); } }
/** * @param parent The item data of the parent node. * @param childId * @return true if the item with the given <code>childId</code> can be read; * <code>false</code> otherwise. * @throws RepositoryException */ private boolean canRead(ItemData parent, ItemId childId) throws RepositoryException { if (parent.getStatus() == ItemState.STATUS_EXISTING) { // child item is for sure not NEW (because then the parent was modified). // safe to use AccessManager#canRead(Path, ItemId). return sessionContext.getAccessManager().canRead(null, childId); } else { // child could be NEW -> don't use AccessManager#canRead(Path, ItemId) return sessionContext.getAccessManager().isGranted(childId, AccessManager.READ); } }
/** * make sure the editing session is allowed create nodes with a * specified node type (and ev. mixins),<br> * NOTE: this check is not executed in a single place as the parent * may change in case of * {@link javax.jcr.ImportUUIDBehavior#IMPORT_UUID_COLLISION_REPLACE_EXISTING IMPORT_UUID_COLLISION_REPLACE_EXISTING}. * * @param parent parent node * @param nodeName the name * @throws RepositoryException if an error occurs */ protected void checkPermission(NodeImpl parent, Name nodeName) throws RepositoryException { if (!session.getAccessManager().isGranted(session.getQPath(parent.getPath()), nodeName, Permission.NODE_TYPE_MNGMT)) { throw new AccessDeniedException("Insufficient permission."); } }
/** * make sure the editing session is allowed create nodes with a * specified node type (and ev. mixins),<br> * NOTE: this check is not executed in a single place as the parent * may change in case of * {@link javax.jcr.ImportUUIDBehavior#IMPORT_UUID_COLLISION_REPLACE_EXISTING IMPORT_UUID_COLLISION_REPLACE_EXISTING}. * * @param parent parent node * @param nodeName the name * @throws RepositoryException if an error occurs */ protected void checkPermission(NodeImpl parent, Name nodeName) throws RepositoryException { if (!session.getAccessManager().isGranted(session.getQPath(parent.getPath()), nodeName, Permission.NODE_TYPE_MNGMT)) { throw new AccessDeniedException("Insufficient permission."); } }
public void testIsGrantedPathToNonExistingItem() throws NotExecutableException, RepositoryException { AccessManager acMgr = getAccessManager(superuser); Path p = PathFactoryImpl.getInstance().getRootPath(); // existing node-path assertTrue(acMgr.isGranted(p, Permission.ALL)); // not existing property: assertTrue(acMgr.isGranted(p, NameConstants.JCR_CREATED, Permission.ALL)); // existing property assertTrue(acMgr.isGranted(p, NameConstants.JCR_PRIMARYTYPE, Permission.ALL)); }
@Override protected void checkUnlock(final LockInfo info, final Session session) throws LockException, RepositoryException { if (session instanceof org.apache.jackrabbit.core.SessionImpl) { final org.apache.jackrabbit.core.SessionImpl sessionImpl = ((org.apache.jackrabbit.core.SessionImpl) session); final Path path = sessionImpl.getHierarchyManager().getPath(info.getId()); if (sessionImpl.getAccessManager().isGranted(path, Permission.LOCK_MNGMT)) { return; } } super.checkUnlock(info, session); }
/** * @param parent The item data of the parent node. * @param childId * @return true if the item with the given <code>childId</code> can be read; * <code>false</code> otherwise. * @throws RepositoryException */ private boolean canRead(ItemData parent, ItemId childId) throws RepositoryException { if (parent.getStatus() == ItemState.STATUS_EXISTING) { // child item is for sure not NEW (because then the parent was modified). // safe to use AccessManager#canRead(Path, ItemId). return sessionContext.getAccessManager().canRead(null, childId); } else { // child could be NEW -> don't use AccessManager#canRead(Path, ItemId) return sessionContext.getAccessManager().isGranted(childId, AccessManager.READ); } }
public void testIsGrantedOnProperty() throws RepositoryException, NotExecutableException { Session s = getHelper().getReadOnlySession(); try { AccessManager acMgr = getAccessManager(s); PropertyId id = (PropertyId) getItemId(testRootNode.getProperty(jcrPrimaryType)); assertTrue(acMgr.isGranted(id, AccessManager.READ)); assertFalse(acMgr.isGranted(id, AccessManager.WRITE)); assertFalse(acMgr.isGranted(id, AccessManager.WRITE | AccessManager.REMOVE)); } finally { s.logout(); } }
public void testIsGranted() throws RepositoryException, NotExecutableException { Session s = getHelper().getReadOnlySession(); try { AccessManager acMgr = getAccessManager(s); NodeId id = (NodeId) getItemId(s.getItem(testRootNode.getPath())); assertTrue(acMgr.isGranted(id, AccessManager.READ)); assertFalse(acMgr.isGranted(id, AccessManager.WRITE)); assertFalse(acMgr.isGranted(id, AccessManager.WRITE | AccessManager.REMOVE)); } finally { s.logout(); } }
public void testIsGrantedOnNewNode() throws RepositoryException, NotExecutableException { Session s = getHelper().getReadWriteSession(); try { AccessManager acMgr = getAccessManager(s); Node newNode = ((Node) s.getItem(testRoot)).addNode(nodeName2, testNodeType); NodeId id = (NodeId) getItemId(newNode); assertTrue(acMgr.isGranted(id, AccessManager.READ)); assertTrue(acMgr.isGranted(id, AccessManager.WRITE)); assertTrue(acMgr.isGranted(id, AccessManager.WRITE | AccessManager.REMOVE)); } finally { s.logout(); } }
public void testIsGrantedReadOnlySession() throws NotExecutableException, RepositoryException { Session s = getHelper().getReadOnlySession(); try { AccessManager acMgr = getAccessManager(s); Path p = PathFactoryImpl.getInstance().getRootPath(); // existing node-path assertTrue(acMgr.isGranted(p, Permission.READ)); // not existing property: assertTrue(acMgr.isGranted(p, NameConstants.JCR_CREATED, Permission.READ)); // existing node-path assertFalse(acMgr.isGranted(p, Permission.ALL)); // not existing property: assertFalse(acMgr.isGranted(p, NameConstants.JCR_CREATED, Permission.ALL)); } finally { s.logout(); } }
public void testIsGrantedWithRelativePath() throws NotExecutableException { AccessManager acMgr = getAccessManager(superuser); Path p = PathFactoryImpl.getInstance().create(NameConstants.JCR_DATA); try { acMgr.isGranted(p, Permission.READ); fail("calling AccessManager.isGranted(Path, int) with relative path must fail."); } catch (RepositoryException e) { // success } try { acMgr.isGranted(p, NameConstants.JCR_CREATED, Permission.READ); fail("calling AccessManager.isGranted(Path, int) with relative path must fail."); } catch (RepositoryException e) { // success } }
/** * Returns <code>true</code> if the item corresponding to the specified * <code>eventState</code> can be read the the current session. * * @param eventState * @return * @throws RepositoryException */ private boolean canRead(EventState eventState) throws RepositoryException { Path targetPath = pathFactory.create(eventState.getParentPath(), eventState.getChildRelPath().getName(), eventState.getChildRelPath().getNormalizedIndex(), true); return session.getAccessManager().isGranted(targetPath, Permission.READ); } }
/** * Returns <code>true</code> if the item corresponding to the specified * <code>eventState</code> can be read the the current session. * * @param eventState * @return * @throws RepositoryException */ private boolean canRead(EventState eventState) throws RepositoryException { Path targetPath = pathFactory.create(eventState.getParentPath(), eventState.getChildRelPath().getName(), eventState.getChildRelPath().getNormalizedIndex(), true); return session.getAccessManager().isGranted(targetPath, Permission.READ); } }