Class JcrRepositoryFileAclDao

  • All Implemented Interfaces:
    IRepositoryFileAclDao

    public class JcrRepositoryFileAclDao
    extends Object
    implements IRepositoryFileAclDao
    Jackrabbit-based implementation of IRepositoryFileAclDao.

    All mutating public methods require checkout and checkin calls, because simply calling AccessControlManager.getApplicablePolicies() (as is done in toAcl(Session, PentahoJcrConstants, Serializable)) checks whether the node is allowed to have the "access controlled" mixin type added. If the node is checked in, this check returns false. See Jackrabbit's ItemValidator.hasCondition().

    Author:
    mlowery
    • Method Summary

      Modifier and Type Method Description
      void addAce(Serializable id, org.pentaho.platform.api.repository2.unified.RepositoryFileSid recipient, EnumSet<org.pentaho.platform.api.repository2.unified.RepositoryFilePermission> permission)
      Adds ACE to end of ACL.
      org.pentaho.platform.api.repository2.unified.RepositoryFileAcl createAcl(Serializable fileId, org.pentaho.platform.api.repository2.unified.RepositoryFileAcl acl)
      Creates an ACL.
      org.pentaho.platform.api.repository2.unified.RepositoryFileAcl getAcl(Serializable id)
      Returns ACL for file.
      List<org.pentaho.platform.api.repository2.unified.RepositoryFileAce> getEffectiveAces(Serializable id, boolean forceEntriesInheriting)
      Returns the list of access control entries that will be used to make an access control decision.
      protected String getOwner(javax.jcr.Session session, String path, javax.jcr.security.AccessControlList acList)
      protected org.pentaho.platform.api.repository2.unified.RepositoryFileAcl getParentAcl(Serializable id)
      boolean hasAccess(String relPath, EnumSet<org.pentaho.platform.api.repository2.unified.RepositoryFilePermission> permissions)
      Returns true if the user has all of the permissions.
      protected org.pentaho.platform.api.repository2.unified.RepositoryFileAcl internalUpdateAcl(javax.jcr.Session session, PentahoJcrConstants pentahoJcrConstants, Serializable fileId, org.pentaho.platform.api.repository2.unified.RepositoryFileAcl acl)
      protected boolean isEntriesInheriting(javax.jcr.Session session, String path, javax.jcr.security.AccessControlList acList)
      void setFullControl(Serializable id, org.pentaho.platform.api.repository2.unified.RepositoryFileSid sid, org.pentaho.platform.api.repository2.unified.RepositoryFilePermission permission)
      Gives full control (all permissions) to given sid.
      protected org.pentaho.platform.api.repository2.unified.RepositoryFileAce toAce(javax.jcr.Session session, javax.jcr.security.AccessControlEntry acEntry)
      org.pentaho.platform.api.repository2.unified.RepositoryFileAcl updateAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl acl)
      Updates an ACL.
    • Constructor Detail

      • JcrRepositoryFileAclDao

        public JcrRepositoryFileAclDao(org.springframework.extensions.jcr.JcrTemplate jcrTemplate,
                                       IPathConversionHelper pathConversionHelper,
                                       String tenantAdminAuthorityName)
    • Method Detail

      • getEffectiveAces

        public List<org.pentaho.platform.api.repository2.unified.RepositoryFileAce> getEffectiveAces(Serializable id,
                                                                                                     boolean forceEntriesInheriting)
        Returns the list of access control entries that will be used to make an access control decision.
        Specified by:
        getEffectiveAces in interface IRepositoryFileAclDao
        Parameters:
        id - file id
        forceEntriesInheriting - true to treat ACL as if isEntriesInheriting was true; this avoids having the caller fetch the parent of ACL belonging to file with fileId; no change is persisted to the ACL
        Returns:
        list of ACEs
      • getOwner

        protected String getOwner(javax.jcr.Session session,
                                  String path,
                                  javax.jcr.security.AccessControlList acList)
                           throws javax.jcr.RepositoryException
        Throws:
        javax.jcr.RepositoryException
      • isEntriesInheriting

        protected boolean isEntriesInheriting(javax.jcr.Session session,
                                              String path,
                                              javax.jcr.security.AccessControlList acList)
                                       throws javax.jcr.RepositoryException
        Throws:
        javax.jcr.RepositoryException
      • hasAccess

        public boolean hasAccess(String relPath,
                                 EnumSet<org.pentaho.platform.api.repository2.unified.RepositoryFilePermission> permissions)
        Returns true if the user has all of the permissions. The implementation should return false if either the user does not have access or the file does not exist.
        Specified by:
        hasAccess in interface IRepositoryFileAclDao
        Parameters:
        relPath - path to file
        permissions - permissions to check
        Returns:
        true if user has access
      • toAce

        protected org.pentaho.platform.api.repository2.unified.RepositoryFileAce toAce(javax.jcr.Session session,
                                                                                       javax.jcr.security.AccessControlEntry acEntry)
                                                                                throws javax.jcr.RepositoryException
        Throws:
        javax.jcr.RepositoryException
      • addAce

        public void addAce(Serializable id,
                           org.pentaho.platform.api.repository2.unified.RepositoryFileSid recipient,
                           EnumSet<org.pentaho.platform.api.repository2.unified.RepositoryFilePermission> permission)
        Description copied from interface: IRepositoryFileAclDao
        Adds ACE to end of ACL. ACL should already have been created. IRepositoryFileAclDao.updateAcl(RepositoryFileAcl) should not need to be called after this method returns.
        Specified by:
        addAce in interface IRepositoryFileAclDao
        Parameters:
        id - file id
        recipient - recipient of permission
        permission - permission to set
      • createAcl

        public org.pentaho.platform.api.repository2.unified.RepositoryFileAcl createAcl(Serializable fileId,
                                                                                        org.pentaho.platform.api.repository2.unified.RepositoryFileAcl acl)
        Description copied from interface: IRepositoryFileAclDao
        Creates an ACL.
        Specified by:
        createAcl in interface IRepositoryFileAclDao
        Parameters:
        fileId - file id
        acl - file acl
        Returns:
        acl with id populated
      • getAcl

        public org.pentaho.platform.api.repository2.unified.RepositoryFileAcl getAcl(Serializable id)
        Description copied from interface: IRepositoryFileAclDao
        Returns ACL for file.
        Specified by:
        getAcl in interface IRepositoryFileAclDao
        Parameters:
        id - file id
        Returns:
        access control list
      • getParentAcl

        protected org.pentaho.platform.api.repository2.unified.RepositoryFileAcl getParentAcl(Serializable id)
      • setFullControl

        public void setFullControl(Serializable id,
                                   org.pentaho.platform.api.repository2.unified.RepositoryFileSid sid,
                                   org.pentaho.platform.api.repository2.unified.RepositoryFilePermission permission)
        Description copied from interface: IRepositoryFileAclDao
        Gives full control (all permissions) to given sid. IRepositoryFileAclDao.updateAcl(RepositoryFileAcl) should not need to be called after this method returns.
        Specified by:
        setFullControl in interface IRepositoryFileAclDao
        Parameters:
        id - file id
        sid - sid that should own the domain object associated with this ACL
      • updateAcl

        public org.pentaho.platform.api.repository2.unified.RepositoryFileAcl updateAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl acl)
        Description copied from interface: IRepositoryFileAclDao
        Updates an ACL.
        Specified by:
        updateAcl in interface IRepositoryFileAclDao
        Parameters:
        acl - ACL to set; must have non-null id
        Returns:
        updated ACL
      • internalUpdateAcl

        protected org.pentaho.platform.api.repository2.unified.RepositoryFileAcl internalUpdateAcl(javax.jcr.Session session,
                                                                                                   PentahoJcrConstants pentahoJcrConstants,
                                                                                                   Serializable fileId,
                                                                                                   org.pentaho.platform.api.repository2.unified.RepositoryFileAcl acl)
                                                                                            throws javax.jcr.RepositoryException
        Throws:
        javax.jcr.RepositoryException
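
    The contracts of getEffectiveAces and hasAccess described above, as an added example that is not part of the Pentaho or Jackrabbit code: a self-contained in-memory model showing that forceEntriesInheriting changes only the answer and not the stored ACL, and that hasAccess gives the same false for "no access" and "no such file". It assumes an inheriting ACL defers to its nearest non-inheriting ancestor; the class, the Perm enum, the explicit user argument and the sample paths are hypothetical.

```java
import java.util.*;

// Added illustration: an in-memory model, not Pentaho or Jackrabbit code.
public class EffectiveAcesModel {
    enum Perm { READ, WRITE, DELETE, ACL_MANAGEMENT }            // hypothetical permission set
    record Ace(String sid, EnumSet<Perm> perms) {}
    record Acl(boolean entriesInheriting, List<Ace> aces) {}
    private final Map<String, Acl> aclByPath = new HashMap<>();  // constructed sample store

    void put(String path, boolean inheriting, Ace... aces) {
        aclByPath.put(path, new Acl(inheriting, List.of(aces)));
    }

    static String parentOf(String path) {
        int i = path.lastIndexOf('/');
        return i <= 0 ? (path.equals("/") ? null : "/") : path.substring(0, i);
    }

    // Assumed rule: walk up until an ACL that does not inherit. Forcing applies
    // only to the starting node and never writes to the store.
    List<Ace> getEffectiveAces(String path, boolean forceEntriesInheriting) {
        Acl acl = aclByPath.get(path);
        if (acl == null) throw new NoSuchElementException(path);
        boolean inherit = acl.entriesInheriting() || forceEntriesInheriting;
        String parent = parentOf(path);
        if (!inherit || parent == null) return acl.aces();
        return getEffectiveAces(parent, false);
    }

    // False for "no access" and for "no such file": the caller cannot tell them apart.
    boolean hasAccess(String user, String path, EnumSet<Perm> wanted) {
        if (!aclByPath.containsKey(path)) return false;
        EnumSet<Perm> granted = EnumSet.noneOf(Perm.class);
        for (Ace ace : getEffectiveAces(path, false))
            if (ace.sid().equals(user)) granted.addAll(ace.perms());
        return granted.containsAll(wanted);
    }

    public static void main(String[] args) {
        EffectiveAcesModel m = new EffectiveAcesModel();
        m.put("/", false, new Ace("admin", EnumSet.allOf(Perm.class)));
        m.put("/home", true);                                    // inherits from "/"
        m.put("/home/suzy", false, new Ace("suzy", EnumSet.of(Perm.READ, Perm.WRITE)));
        System.out.println(m.hasAccess("suzy", "/home/suzy", EnumSet.of(Perm.READ)));
        System.out.println(m.hasAccess("suzy", "/home/missing", EnumSet.of(Perm.READ)));
        System.out.println(m.getEffectiveAces("/home/suzy", true));   // as if inheriting
        System.out.println(m.getEffectiveAces("/home/suzy", false));  // stored ACL unchanged
    }
}
```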