Class JcrRepositoryFileAclDao
- java.lang.Object
-
- org.pentaho.platform.repository2.unified.jcr.JcrRepositoryFileAclDao
-
- All Implemented Interfaces:
IRepositoryFileAclDao
public class JcrRepositoryFileAclDao extends Object implements IRepositoryFileAclDao
Jackrabbit-based implementation ofIRepositoryFileAclDao
.All mutating public methods require checkout and checkin calls since the act of simply calling
AccessControlManager.getApplicablePolicies()
(as is done intoAcl(Session, PentahoJcrConstants, Serializable)
) will query that the node is allowed to have the "access controlled" mixin type added. If the node is checked in, this query will return false. See Jackrabbit'sItemValidator.hasCondition()
.- Author:
- mlowery
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static interface
JcrRepositoryFileAclDao.IPermissionConversionHelper
Converts betweenRepositoryFilePermission
andPrivilege
instances.
-
Constructor Summary
Constructors Constructor Description JcrRepositoryFileAclDao(org.springframework.extensions.jcr.JcrTemplate jcrTemplate, IPathConversionHelper pathConversionHelper, String tenantAdminAuthorityName)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
addAce(Serializable id, org.pentaho.platform.api.repository2.unified.RepositoryFileSid recipient, EnumSet<org.pentaho.platform.api.repository2.unified.RepositoryFilePermission> permission)
Adds ACE to end of ACL.org.pentaho.platform.api.repository2.unified.RepositoryFileAcl
createAcl(Serializable fileId, org.pentaho.platform.api.repository2.unified.RepositoryFileAcl acl)
Creates an ACL.org.pentaho.platform.api.repository2.unified.RepositoryFileAcl
getAcl(Serializable id)
Returns ACL for file.List<org.pentaho.platform.api.repository2.unified.RepositoryFileAce>
getEffectiveAces(Serializable id, boolean forceEntriesInheriting)
Returns the list of access control entries that will be used to make an access control decision.protected String
getOwner(javax.jcr.Session session, String path, javax.jcr.security.AccessControlList acList)
protected org.pentaho.platform.api.repository2.unified.RepositoryFileAcl
getParentAcl(Serializable id)
boolean
hasAccess(String relPath, EnumSet<org.pentaho.platform.api.repository2.unified.RepositoryFilePermission> permissions)
Returnstrue
if the user has all of the permissions.protected org.pentaho.platform.api.repository2.unified.RepositoryFileAcl
internalUpdateAcl(javax.jcr.Session session, PentahoJcrConstants pentahoJcrConstants, Serializable fileId, org.pentaho.platform.api.repository2.unified.RepositoryFileAcl acl)
protected boolean
isEntriesInheriting(javax.jcr.Session session, String path, javax.jcr.security.AccessControlList acList)
void
setFullControl(Serializable id, org.pentaho.platform.api.repository2.unified.RepositoryFileSid sid, org.pentaho.platform.api.repository2.unified.RepositoryFilePermission permission)
Gives full control (all permissions) to given sid.protected org.pentaho.platform.api.repository2.unified.RepositoryFileAce
toAce(javax.jcr.Session session, javax.jcr.security.AccessControlEntry acEntry)
org.pentaho.platform.api.repository2.unified.RepositoryFileAcl
updateAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl acl)
Updates an ACL.
-
-
-
Constructor Detail
-
JcrRepositoryFileAclDao
public JcrRepositoryFileAclDao(org.springframework.extensions.jcr.JcrTemplate jcrTemplate, IPathConversionHelper pathConversionHelper, String tenantAdminAuthorityName)
-
-
Method Detail
-
getEffectiveAces
public List<org.pentaho.platform.api.repository2.unified.RepositoryFileAce> getEffectiveAces(Serializable id, boolean forceEntriesInheriting)
Returns the list of access control entries that will be used to make an access control decision.- Specified by:
getEffectiveAces
in interfaceIRepositoryFileAclDao
- Parameters:
id
- file idforceEntriesInheriting
-true
to treat ACL as ifisEntriesInheriting
was true; this avoids having the caller fetch the parent of ACL belonging to file withfileId
; no change is persisted to the ACL- Returns:
- list of ACEs
-
getOwner
protected String getOwner(javax.jcr.Session session, String path, javax.jcr.security.AccessControlList acList) throws javax.jcr.RepositoryException
- Throws:
javax.jcr.RepositoryException
-
isEntriesInheriting
protected boolean isEntriesInheriting(javax.jcr.Session session, String path, javax.jcr.security.AccessControlList acList) throws javax.jcr.RepositoryException
- Throws:
javax.jcr.RepositoryException
-
hasAccess
public boolean hasAccess(String relPath, EnumSet<org.pentaho.platform.api.repository2.unified.RepositoryFilePermission> permissions)
Returnstrue
if the user has all of the permissions. The implementation should returnfalse
if either the user does not have access or the file does not exist.- Specified by:
hasAccess
in interfaceIRepositoryFileAclDao
- Parameters:
relPath
- path to filepermissions
- permissions to check- Returns:
true
if user has access
-
toAce
protected org.pentaho.platform.api.repository2.unified.RepositoryFileAce toAce(javax.jcr.Session session, javax.jcr.security.AccessControlEntry acEntry) throws javax.jcr.RepositoryException
- Throws:
javax.jcr.RepositoryException
-
addAce
public void addAce(Serializable id, org.pentaho.platform.api.repository2.unified.RepositoryFileSid recipient, EnumSet<org.pentaho.platform.api.repository2.unified.RepositoryFilePermission> permission)
Description copied from interface:IRepositoryFileAclDao
Adds ACE to end of ACL. ACL should already have been created.IRepositoryFileAclDao.updateAcl(RepositoryFileAcl)
should not need to be called after this method returns.- Specified by:
addAce
in interfaceIRepositoryFileAclDao
- Parameters:
id
- file idrecipient
- recipient of permissionpermission
- permission to set
-
createAcl
public org.pentaho.platform.api.repository2.unified.RepositoryFileAcl createAcl(Serializable fileId, org.pentaho.platform.api.repository2.unified.RepositoryFileAcl acl)
Description copied from interface:IRepositoryFileAclDao
Creates an ACL.- Specified by:
createAcl
in interfaceIRepositoryFileAclDao
- Parameters:
fileId
- file idacl
- file acl- Returns:
- acl with id populated
-
getAcl
public org.pentaho.platform.api.repository2.unified.RepositoryFileAcl getAcl(Serializable id)
Description copied from interface:IRepositoryFileAclDao
Returns ACL for file.- Specified by:
getAcl
in interfaceIRepositoryFileAclDao
- Parameters:
id
- file id- Returns:
- access control list
-
getParentAcl
protected org.pentaho.platform.api.repository2.unified.RepositoryFileAcl getParentAcl(Serializable id)
-
setFullControl
public void setFullControl(Serializable id, org.pentaho.platform.api.repository2.unified.RepositoryFileSid sid, org.pentaho.platform.api.repository2.unified.RepositoryFilePermission permission)
Description copied from interface:IRepositoryFileAclDao
Gives full control (all permissions) to given sid.IRepositoryFileAclDao.updateAcl(RepositoryFileAcl)
should not need to be called after this method returns.- Specified by:
setFullControl
in interfaceIRepositoryFileAclDao
- Parameters:
id
- file idsid
- sid that should own the domain object associated with this ACL
-
updateAcl
public org.pentaho.platform.api.repository2.unified.RepositoryFileAcl updateAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl acl)
Description copied from interface:IRepositoryFileAclDao
Updates an ACL.- Specified by:
updateAcl
in interfaceIRepositoryFileAclDao
- Parameters:
acl
- ACL to set; must have non-null id- Returns:
- updated ACL
-
internalUpdateAcl
protected org.pentaho.platform.api.repository2.unified.RepositoryFileAcl internalUpdateAcl(javax.jcr.Session session, PentahoJcrConstants pentahoJcrConstants, Serializable fileId, org.pentaho.platform.api.repository2.unified.RepositoryFileAcl acl) throws javax.jcr.RepositoryException
- Throws:
javax.jcr.RepositoryException
-
-