Class ACLJCRAmetysObjectHelper
java.lang.Object
org.ametys.plugins.repository.jcr.ACLJCRAmetysObjectHelper
- All Implemented Interfaces:
LogEnabled
,Component
,Serviceable
Helper for implementing
ModifiableACLAmetysObject
in JCR under its node.-
Field Summary
Modifier and TypeFieldDescriptionprotected static javax.jcr.Repository
The repositoryprotected static AmetysObjectResolver
The AmetysObject resolver -
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionstatic void
addAllowedGroups
(Set<GroupIdentity> groups, javax.jcr.Node node, String profileId) static void
addAllowedProfilesForAnonymous
(javax.jcr.Node node, Set<String> profileIds) static void
addAllowedProfilesForAnyConnectedUser
(javax.jcr.Node node, Set<String> profileIds) static void
addAllowedUsers
(Set<UserIdentity> users, javax.jcr.Node node, String profileId) static void
addDeniedGroups
(Set<GroupIdentity> groups, javax.jcr.Node node, String profileId) static void
addDeniedProfilesForAnonymous
(javax.jcr.Node node, Set<String> profileIds) static void
addDeniedProfilesForAnyConnectedUser
(javax.jcr.Node node, Set<String> profileIds) static void
addDeniedUsers
(Set<UserIdentity> users, javax.jcr.Node node, String profileId) static void
disallowInheritance
(javax.jcr.Node node, boolean disallow) static javax.jcr.NodeIterator
getACLGroups
(GroupIdentity group, String rootPath, Expression predicat) Returns all ACL objects for a given group (ametys:acl-group nodes)static javax.jcr.NodeIterator
getACLGroups
(Expression predicat) Returns all ACL objects for groups (ametys:acl-group nodes)static javax.jcr.NodeIterator
getACLRoots
(String rootPath, Expression predicat) Returns all ACL root objects (ametys:acl nodes)static javax.jcr.NodeIterator
getACLUsers
(UserIdentity user, String rootPath, Expression predicat) Returns all ACL objects for a given user (ametys:acl-user nodes)static javax.jcr.NodeIterator
getACLUsers
(Expression predicat) Returns all ACL objects for users (ametys:acl-user nodes)Gets all contexts with stored profiles (allowed or denied) for anonymous or any connected user and for each, a description of the permissiongetAllProfilesForGroups
(Set<GroupIdentity> groups) Gets all context with stored profiles (allowed or denied) for the groups and for each, a description of the permission Gets the groups that have allowed profiles assigned on the given objectGets all context with stored profiles (allowed or denied) for the user and for each, a description of the permissiongetProfilesForAnonymousAndAnyConnectedUser
(javax.jcr.Node node) getProfilesForGroups
(javax.jcr.Node node, Set<GroupIdentity> groups) getProfilesForUsers
(javax.jcr.Node node, UserIdentity user) hasAnonymousAnyAllowedProfile
(Set<? extends Object> rootNodes, Set<String> profileIds) Returns some profiles that are matching if any ACL Ametys object has one of the given profiles as allowed for anonymoushasAnyConnectedAnyAllowedProfile
(Set<? extends Object> rootNodes, Set<String> profileIds) Returns some profiles that are matching if any ACL Ametys object has one of the given profiles as allowed for any connected userhasGroupAnyAllowedProfile
(Set<? extends Object> rootNodes, Set<GroupIdentity> groups, Set<String> profileIds) Returns some profiles that are matching if any ACL Ametys object has one of the given profiles as allowed for the grouphasUserAnyAllowedProfile
(Set<? extends Object> rootNodes, UserIdentity user, Set<String> profileIds) Returns some profiles that are matching if any ACL Ametys object has one of the given profiles as allowed for the userstatic boolean
isInheritanceDisallowed
(javax.jcr.Node node) Helper forACLAmetysObject.isInheritanceDisallowed()
static void
removeAllowedGroups
(Set<GroupIdentity> groups, javax.jcr.Node node) static void
removeAllowedGroups
(Set<GroupIdentity> groups, javax.jcr.Node node, String profileId) static void
removeAllowedProfilesForAnonymous
(javax.jcr.Node node, Set<String> profileIds) static void
removeAllowedProfilesForAnyConnectedUser
(javax.jcr.Node node, Set<String> profileIds) static void
removeAllowedUsers
(Set<UserIdentity> users, javax.jcr.Node node) static void
removeAllowedUsers
(Set<UserIdentity> users, javax.jcr.Node node, String profileId) static void
removeDeniedGroups
(Set<GroupIdentity> groups, javax.jcr.Node node) static void
removeDeniedGroups
(Set<GroupIdentity> groups, javax.jcr.Node node, String profileId) static void
removeDeniedProfilesForAnonymous
(javax.jcr.Node node, Set<String> profileIds) static void
removeDeniedProfilesForAnyConnectedUser
(javax.jcr.Node node, Set<String> profileIds) static void
removeDeniedUsers
(Set<UserIdentity> users, javax.jcr.Node node) static void
removeDeniedUsers
(Set<UserIdentity> users, javax.jcr.Node node, String profileId) static void
removeGroup
(GroupIdentity group) static void
removeProfile
(String profileId) static void
removeUser
(UserIdentity user) void
service
(ServiceManager manager) void
Called at creation time to provide aLogger
.
-
Field Details
-
_resolver
The AmetysObject resolver -
_repository
The repository
-
-
Constructor Details
-
ACLJCRAmetysObjectHelper
public ACLJCRAmetysObjectHelper()
-
-
Method Details
-
service
- Specified by:
service
in interfaceServiceable
- Throws:
ServiceException
-
setLogger
Description copied from interface:LogEnabled
Called at creation time to provide aLogger
.- Specified by:
setLogger
in interfaceLogEnabled
- Parameters:
logger
- aLogger
for messages.
-
hasUserAnyAllowedProfile
public static Set<String> hasUserAnyAllowedProfile(Set<? extends Object> rootNodes, UserIdentity user, Set<String> profileIds) Returns some profiles that are matching if any ACL Ametys object has one of the given profiles as allowed for the user- Parameters:
user
- The userprofileIds
- The ids of the profiles to checkrootNodes
- The JCR root nodes where starts the query search (must be something like "//element(myNode, ametys:collection)"), it will be the beginning of the JCR query. Can be null to not restrict the search.- Returns:
- If the Set is empty, it means the user has no matching profile.
If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for the user AND it can contains some other profiles that were not in the given profiles
-
hasGroupAnyAllowedProfile
public static Set<String> hasGroupAnyAllowedProfile(Set<? extends Object> rootNodes, Set<GroupIdentity> groups, Set<String> profileIds) Returns some profiles that are matching if any ACL Ametys object has one of the given profiles as allowed for the group- Parameters:
groups
- The groupsprofileIds
- The ids of the profilesrootNodes
- The JCR root nodes where starts the query search (must be something like "//element(myNode, ametys:collection)"), it will be the beginning of the JCR query. Can be null to not restrict the search.- Returns:
- If the Set is empty, it means the group has no matching profile.
If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for the group AND it can contains some other profiles that were not in the given profiles
-
hasAnyConnectedAnyAllowedProfile
public static Set<String> hasAnyConnectedAnyAllowedProfile(Set<? extends Object> rootNodes, Set<String> profileIds) Returns some profiles that are matching if any ACL Ametys object has one of the given profiles as allowed for any connected user- Parameters:
profileIds
- The ids of the profilesrootNodes
- The JCR root nodes where starts the query search (must be something like "//element(myNode, ametys:collection)"), it will be the beginning of the JCR query. Can be null to not restrict the search.- Returns:
- If the Set is empty, it means any connected user has no matching profile.
If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for anyconnected user AND it can contains some other profiles that were not in the given profiles
-
hasAnonymousAnyAllowedProfile
public static Set<String> hasAnonymousAnyAllowedProfile(Set<? extends Object> rootNodes, Set<String> profileIds) Returns some profiles that are matching if any ACL Ametys object has one of the given profiles as allowed for anonymous- Parameters:
profileIds
- The ids of the profilesrootNodes
- The JCR root nodes where starts the query search (must be something like "//element(myNode, ametys:collection)"), it will be the beginning of the JCR query. Can be null to not restrict the search.- Returns:
- If the Set is empty, it means anonymous has no matching profile.
If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for anonymous AND it can contains some other profiles that were not in the given profiles
-
getAllProfilesForAnonymousAndAnyConnectedUser
public static Map<Object,Map<ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys, getAllProfilesForAnonymousAndAnyConnectedUser()Set<String>>> Gets all contexts with stored profiles (allowed or denied) for anonymous or any connected user and for each, a description of the permission- Returns:
- a map associating a context object to the stored profile for each permission
-
getAllProfilesForGroups
public static Map<Object,Map<GroupIdentity, getAllProfilesForGroupsMap<ProfileAssignmentStorage.UserOrGroup, Set<String>>>> (Set<GroupIdentity> groups) Gets all context with stored profiles (allowed or denied) for the groups and for each, a description of the permission Gets the groups that have allowed profiles assigned on the given object- Parameters:
groups
- The groups to get profiles for.- Returns:
- The map of context with their assigned permissions
-
getAllProfilesForUser
public static Map<Object,Map<ProfileAssignmentStorage.UserOrGroup, getAllProfilesForUserSet<String>>> (UserIdentity user) Gets all context with stored profiles (allowed or denied) for the user and for each, a description of the permission- Parameters:
user
- The user to get profiles for.- Returns:
- The map of context with their assigned allowed/denied profiles
-
getACLRoots
Returns all ACL root objects (ametys:acl nodes)- Parameters:
rootPath
- The root path to restrict the search. Can be null.predicat
- The predicat expression. Can be null.- Returns:
- The ACL root objects
-
getACLUsers
public static javax.jcr.NodeIterator getACLUsers(UserIdentity user, String rootPath, Expression predicat) Returns all ACL objects for a given user (ametys:acl-user nodes)- Parameters:
user
- The userrootPath
- The root path to restrict the search. Can be null.predicat
- The predicat expression. Can be null.- Returns:
- The ACL user objects for user
-
getACLUsers
Returns all ACL objects for users (ametys:acl-user nodes)- Parameters:
predicat
- The predicat expression. Can be null.- Returns:
- The ACL user objects for users
-
getACLGroups
Returns all ACL objects for groups (ametys:acl-group nodes)- Parameters:
predicat
- The predicat expression. Can be null.- Returns:
- The ACL group objects for groups
-
getACLGroups
public static javax.jcr.NodeIterator getACLGroups(GroupIdentity group, String rootPath, Expression predicat) Returns all ACL objects for a given group (ametys:acl-group nodes)- Parameters:
group
- The grouprootPath
- The root path to restrict the search. Can be null.predicat
- The predicat expression. Can be null.- Returns:
- The ACL user objects for groups
-
getProfilesForAnonymousAndAnyConnectedUser
public static Map<ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys,Set<String>> getProfilesForAnonymousAndAnyConnectedUser(javax.jcr.Node node) - Parameters:
node
- The JCR node for the Ametys object- Returns:
- a map containing allowed/denied profiles that anonymous and any connected user has on the given object
-
addAllowedProfilesForAnyConnectedUser
public static void addAllowedProfilesForAnyConnectedUser(javax.jcr.Node node, Set<String> profileIds) - Parameters:
node
- The JCR node for the Ametys objectprofileIds
- The profiles to add
-
removeAllowedProfilesForAnyConnectedUser
public static void removeAllowedProfilesForAnyConnectedUser(javax.jcr.Node node, Set<String> profileIds) - Parameters:
node
- The JCR node for the Ametys objectprofileIds
- The profiles to remove
-
addDeniedProfilesForAnyConnectedUser
public static void addDeniedProfilesForAnyConnectedUser(javax.jcr.Node node, Set<String> profileIds) - Parameters:
node
- The JCR node for the Ametys objectprofileIds
- The profiles to add
-
removeDeniedProfilesForAnyConnectedUser
public static void removeDeniedProfilesForAnyConnectedUser(javax.jcr.Node node, Set<String> profileIds) - Parameters:
node
- The JCR node for the Ametys objectprofileIds
- The profiles to remove
-
addAllowedProfilesForAnonymous
- Parameters:
node
- The JCR node for the Ametys objectprofileIds
- The profiles to add
-
removeAllowedProfilesForAnonymous
- Parameters:
node
- The JCR node for the Ametys objectprofileIds
- The profiles to remove
-
addDeniedProfilesForAnonymous
- Parameters:
node
- The JCR node for the Ametys objectprofileIds
- The profiles to add
-
removeDeniedProfilesForAnonymous
- Parameters:
node
- The JCR node for the Ametys objectprofileIds
- The profiles to remove
-
getProfilesForUsers
public static Map<UserIdentity,Map<ProfileAssignmentStorage.UserOrGroup, getProfilesForUsersSet<String>>> (javax.jcr.Node node, UserIdentity user) - Parameters:
node
- The JCR node for the Ametys objectuser
- The user to get profiles for. Can be null to get profiles for all users that have rights- Returns:
- The map of allowed users with their assigned allowed/denied profiles
-
addAllowedUsers
- Parameters:
users
- The users to addnode
- The JCR node for the Ametys objectprofileId
- The id of the profile
-
removeAllowedUsers
public static void removeAllowedUsers(Set<UserIdentity> users, javax.jcr.Node node, String profileId) - Parameters:
users
- The users to removenode
- The JCR node for the Ametys objectprofileId
- The id of the profile
-
removeAllowedUsers
- Parameters:
users
- The users to removenode
- The JCR node for the Ametys object
-
addDeniedUsers
- Parameters:
users
- The users to addnode
- The JCR node for the Ametys objectprofileId
- The id of the profile
-
removeDeniedUsers
public static void removeDeniedUsers(Set<UserIdentity> users, javax.jcr.Node node, String profileId) - Parameters:
users
- The users to removenode
- The JCR node for the Ametys objectprofileId
- The id of the profile
-
removeDeniedUsers
- Parameters:
users
- The users to removenode
- The JCR node for the Ametys object
-
getProfilesForGroups
public static Map<GroupIdentity,Map<ProfileAssignmentStorage.UserOrGroup, getProfilesForGroupsSet<String>>> (javax.jcr.Node node, Set<GroupIdentity> groups) - Parameters:
node
- The JCR node for the Ametys objectgroups
- The group to get profiles for. Can be null to get profiles for all groups that have rights- Returns:
- The map of allowed/denied groups with their assigned profiles
-
addAllowedGroups
public static void addAllowedGroups(Set<GroupIdentity> groups, javax.jcr.Node node, String profileId) - Parameters:
groups
- The groups to addnode
- The JCR node for the Ametys objectprofileId
- The id of the profile
-
removeAllowedGroups
public static void removeAllowedGroups(Set<GroupIdentity> groups, javax.jcr.Node node, String profileId) - Parameters:
groups
- The groups to removenode
- The JCR node for the Ametys objectprofileId
- The id of the profile
-
removeAllowedGroups
- Parameters:
groups
- The groups to removenode
- The JCR node for the Ametys object
-
addDeniedGroups
public static void addDeniedGroups(Set<GroupIdentity> groups, javax.jcr.Node node, String profileId) - Parameters:
groups
- The groups to addnode
- The JCR node for the Ametys objectprofileId
- The id of the profile
-
removeDeniedGroups
public static void removeDeniedGroups(Set<GroupIdentity> groups, javax.jcr.Node node, String profileId) - Parameters:
groups
- The groups to removenode
- The JCR node for the Ametys objectprofileId
- The id of the profile
-
removeDeniedGroups
- Parameters:
groups
- The groups to removenode
- The JCR node for the Ametys object
-
removeProfile
- Parameters:
profileId
- The id of the profile
-
removeUser
- Parameters:
user
- The user
-
removeGroup
- Parameters:
group
- The group
-
isInheritanceDisallowed
Helper forACLAmetysObject.isInheritanceDisallowed()
- Parameters:
node
- The JCR node for the Ametys object- Returns:
- true if the inheritance is disallow of the given node
-
disallowInheritance
- Parameters:
node
- The JCR node for the Ametys objectdisallow
- true to disallow the inheritance, false otherwise
-