/** * Creates an ACE that gives full access to the owner. * <p/> * <p> Modifications to this ACL are not persisted. </p> */ protected void addOwnerAce( final String owner, final ACLTemplate acl ) throws RepositoryException { Principal ownerPrincipal = systemSession.getPrincipalManager().getPrincipal( owner ); if ( ownerPrincipal != null ) { Principal magicPrincipal = null; if ( ownerPrincipal instanceof Group ) { magicPrincipal = new MagicGroup( JcrTenantUtils.getTenantedUser( ownerPrincipal.getName() ) ); } else { magicPrincipal = new MagicPrincipal( JcrTenantUtils.getTenantedUser( ownerPrincipal.getName() ) ); } // unfortunately, we need the ACLTemplate because it alone can create ACEs that can be cast successfully // later; // changed never persisted acl.addAccessControlEntry( magicPrincipal, new Privilege[] { systemSession.getAccessControlManager() .privilegeFromName( "jcr:all" ) } ); //$NON-NLS-1$ } else { // if the Principal doesn't exist anymore, then there's no reason to add an ACE for it if ( log.isDebugEnabled() ) { log.debug( "PrincipalManager cannot find owner=" + owner ); //$NON-NLS-1$ } } }
log.debug("... Privilege.ALL for administrators."); Privilege[] privs = new Privilege[]{acMgr.privilegeFromName(Privilege.JCR_ALL)}; acl.addAccessControlEntry(administrators, privs); } else { log.info("Administrators principal group is missing -> omitting initialization of default permissions."); log.debug("... Privilege.READ for everyone."); Privilege[] privs = new Privilege[]{acMgr.privilegeFromName(Privilege.JCR_READ)}; acl.addAccessControlEntry(everyone, privs);
log.debug("... Privilege.ALL for administrators."); Privilege[] privs = new Privilege[]{acMgr.privilegeFromName(Privilege.JCR_ALL)}; acl.addAccessControlEntry(administrators, privs); } else { log.info("Administrators principal group is missing -> omitting initialization of default permissions."); log.debug("... Privilege.READ for everyone."); Privilege[] privs = new Privilege[]{acMgr.privilegeFromName(Privilege.JCR_READ)}; acl.addAccessControlEntry(everyone, privs);
acl.addAccessControlEntry( principal, def.privileges );
if ( !ancestorAcl.addAccessControlEntry( entry.isGroupEntry() ? new MagicGroup( entry.getPrincipalName() ) : new MagicPrincipal( entry.getPrincipalName() ), privs.toArray( new Privilege[privs.size()] ) ) ) {
if ( ArrayUtils.contains( expandedPrivileges, removeChildNodesPrivilege ) && !ArrayUtils.contains( expandedPrivileges, removeNodePrivilege ) ) { if ( !acl.addAccessControlEntry( entry.getPrincipal(), new Privilege[] { removeNodePrivilege } ) ) {
acl.addAccessControlEntry(testUser.getPrincipal(), privilegesFromName(PrivilegeRegistry.REP_WRITE)); testAcMgr.setPolicy(path, acl); testSession.save();