public class JcrRepositoryFileAclDao extends Object implements IRepositoryFileAclDao
IRepositoryFileAclDao
.
All mutating public methods require checkout and checkin calls since the act of simply calling
AccessControlManager.getApplicablePolicies()
(as is done in
toAcl(Session, PentahoJcrConstants, Serializable)
) will query that the node is allowed to have the
"access controlled" mixin type added. If the node is checked in, this query will return false. See Jackrabbit's
ItemValidator.hasCondition()
.
Modifier and Type | Class and Description |
---|---|
static interface |
JcrRepositoryFileAclDao.IPermissionConversionHelper
Converts between
RepositoryFilePermission and Privilege instances. |
Constructor and Description |
---|
JcrRepositoryFileAclDao(org.springframework.extensions.jcr.JcrTemplate jcrTemplate,
IPathConversionHelper pathConversionHelper,
String tenantAdminAuthorityName) |
Modifier and Type | Method and Description |
---|---|
void |
addAce(Serializable id,
RepositoryFileSid recipient,
EnumSet<RepositoryFilePermission> permission)
Adds ACE to end of ACL.
|
RepositoryFileAcl |
createAcl(Serializable fileId,
RepositoryFileAcl acl)
Creates an ACL.
|
RepositoryFileAcl |
getAcl(Serializable id)
Returns ACL for file.
|
List<RepositoryFileAce> |
getEffectiveAces(Serializable id,
boolean forceEntriesInheriting)
Returns the list of access control entries that will be used to make an access control decision.
|
protected String |
getOwner(javax.jcr.Session session,
String path,
javax.jcr.security.AccessControlList acList) |
protected RepositoryFileAcl |
getParentAcl(Serializable id) |
boolean |
hasAccess(String relPath,
EnumSet<RepositoryFilePermission> permissions)
Returns
true if the user has all of the permissions. |
protected RepositoryFileAcl |
internalUpdateAcl(javax.jcr.Session session,
PentahoJcrConstants pentahoJcrConstants,
Serializable fileId,
RepositoryFileAcl acl) |
protected boolean |
isEntriesInheriting(javax.jcr.Session session,
String path,
javax.jcr.security.AccessControlList acList) |
void |
setFullControl(Serializable id,
RepositoryFileSid sid,
RepositoryFilePermission permission)
Gives full control (all permissions) to given sid.
|
protected RepositoryFileAce |
toAce(javax.jcr.Session session,
javax.jcr.security.AccessControlEntry acEntry) |
RepositoryFileAcl |
updateAcl(RepositoryFileAcl acl)
Updates an ACL.
|
public JcrRepositoryFileAclDao(org.springframework.extensions.jcr.JcrTemplate jcrTemplate, IPathConversionHelper pathConversionHelper, String tenantAdminAuthorityName)
public List<RepositoryFileAce> getEffectiveAces(Serializable id, boolean forceEntriesInheriting)
getEffectiveAces
in interface IRepositoryFileAclDao
id
- file idforceEntriesInheriting
- true
to treat ACL as if isEntriesInheriting
was true; this avoids having the caller
fetch the parent of ACL belonging to file with fileId
; no change is persisted to the ACLprotected String getOwner(javax.jcr.Session session, String path, javax.jcr.security.AccessControlList acList) throws javax.jcr.RepositoryException
javax.jcr.RepositoryException
protected boolean isEntriesInheriting(javax.jcr.Session session, String path, javax.jcr.security.AccessControlList acList) throws javax.jcr.RepositoryException
javax.jcr.RepositoryException
public boolean hasAccess(String relPath, EnumSet<RepositoryFilePermission> permissions)
true
if the user has all of the permissions. The implementation should return false
if
either the user does not have access or the file does not exist.hasAccess
in interface IRepositoryFileAclDao
relPath
- path to filepermissions
- permissions to checktrue
if user has accessprotected RepositoryFileAce toAce(javax.jcr.Session session, javax.jcr.security.AccessControlEntry acEntry) throws javax.jcr.RepositoryException
javax.jcr.RepositoryException
public void addAce(Serializable id, RepositoryFileSid recipient, EnumSet<RepositoryFilePermission> permission)
IRepositoryFileAclDao
IRepositoryFileAclDao.updateAcl(RepositoryFileAcl)
should not
need to be called after this method returns.addAce
in interface IRepositoryFileAclDao
id
- file idrecipient
- recipient of permissionpermission
- permission to setpublic RepositoryFileAcl createAcl(Serializable fileId, RepositoryFileAcl acl)
IRepositoryFileAclDao
createAcl
in interface IRepositoryFileAclDao
fileId
- file idacl
- file aclpublic RepositoryFileAcl getAcl(Serializable id)
IRepositoryFileAclDao
getAcl
in interface IRepositoryFileAclDao
id
- file idprotected RepositoryFileAcl getParentAcl(Serializable id)
public void setFullControl(Serializable id, RepositoryFileSid sid, RepositoryFilePermission permission)
IRepositoryFileAclDao
IRepositoryFileAclDao.updateAcl(RepositoryFileAcl)
should not need to be
called after this method returns.setFullControl
in interface IRepositoryFileAclDao
id
- file idsid
- sid that should own the domain object associated with this ACLpublic RepositoryFileAcl updateAcl(RepositoryFileAcl acl)
IRepositoryFileAclDao
updateAcl
in interface IRepositoryFileAclDao
acl
- ACL to set; must have non-null idprotected RepositoryFileAcl internalUpdateAcl(javax.jcr.Session session, PentahoJcrConstants pentahoJcrConstants, Serializable fileId, RepositoryFileAcl acl) throws javax.jcr.RepositoryException
javax.jcr.RepositoryException
Copyright © 2017 Hitachi Vantara. All rights reserved.