Package org.ametys.plugins.repository.jcr

Class ACLJCRAmetysObjectHelper

java.lang.Object

org.ametys.plugins.repository.jcr.ACLJCRAmetysObjectHelper

All Implemented Interfaces:

LogEnabled, Component, Serviceable

public class ACLJCRAmetysObjectHelper
extends Object
implements Component, Serviceable, LogEnabled

Helper for implementing ModifiableACLAmetysObject in JCR under its node.

Field Summary

Fields

Modifier and Type	Field	Description
protected static Repository	_repository	The repository
protected static AmetysObjectResolver	_resolver	The AmetysObject resolver

Constructor Summary

Constructors

Constructor	Description
ACLJCRAmetysObjectHelper()

Method Summary

Modifier and Type	Method	Description
static void	addAllowedGroups(Set<GroupIdentity> groups, Node node, String profileId)	Helper for ModifiableACLAmetysObject.addAllowedGroups(Set, String)
static void	addAllowedProfilesForAnonymous(Node node, Set<String> profileIds)	Helper for ModifiableACLAmetysObject.addAllowedProfilesForAnonymous(Set)
static void	addAllowedProfilesForAnyConnectedUser(Node node, Set<String> profileIds)	Helper for ModifiableACLAmetysObject.addAllowedProfilesForAnyConnectedUser(Set)
static void	addAllowedUsers(Set<UserIdentity> users, Node node, String profileId)	Helper for ModifiableACLAmetysObject.addAllowedUsers(Set, String)
static void	addDeniedGroups(Set<GroupIdentity> groups, Node node, String profileId)	Helper for ModifiableACLAmetysObject.addDeniedGroups(Set, String)
static void	addDeniedProfilesForAnonymous(Node node, Set<String> profileIds)	Helper for ModifiableACLAmetysObject.addDeniedProfilesForAnyConnectedUser(Set)
static void	addDeniedProfilesForAnyConnectedUser(Node node, Set<String> profileIds)	Helper for ModifiableACLAmetysObject.addDeniedProfilesForAnyConnectedUser(Set)
static void	addDeniedUsers(Set<UserIdentity> users, Node node, String profileId)	Helper for ModifiableACLAmetysObject.addDeniedUsers(Set, String)
static void	disallowInheritance(Node node, boolean disallow)	Helper for ModifiableACLAmetysObject.disallowInheritance(boolean)
static NodeIterator	getACLGroups(GroupIdentity group, String rootPath, Expression predicat)	Returns all ACL objects for a given group (ametys:acl-group nodes)
static NodeIterator	getACLGroups(Expression predicat)	Returns all ACL objects for groups (ametys:acl-group nodes)
static NodeIterator	getACLRoots(String rootPath, Expression predicat)	Returns all ACL root objects (ametys:acl nodes)
static NodeIterator	getACLUsers(UserIdentity user, String rootPath, Expression predicat)	Returns all ACL objects for a given user (ametys:acl-user nodes)
static NodeIterator	getACLUsers(Expression predicat)	Returns all ACL objects for users (ametys:acl-user nodes)
static Map<ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys,Set<String>>	getProfilesForAnonymousAndAnyConnectedUser(Node node)	Helper for ACLAmetysObject.getProfilesForAnonymousAndAnyConnectedUser()
static Map<GroupIdentity,Map<ProfileAssignmentStorage.UserOrGroup,Set<String>>>	getProfilesForGroups(Node node, Set<GroupIdentity> groups)	Helper for ACLAmetysObject.getProfilesForGroups(java.util.Set<org.ametys.core.group.GroupIdentity>)
static Map<UserIdentity,Map<ProfileAssignmentStorage.UserOrGroup,Set<String>>>	getProfilesForUsers(Node node, UserIdentity user)	Helper for ACLAmetysObject.getProfilesForUsers(org.ametys.core.user.UserIdentity)
static Set<String>	hasAnonymousAnyAllowedProfile(Set<? extends Object> rootNodes, Set<String> profileIds)	Returns some profiles that are matching if any ACL Ametys object has one of the given profiles as allowed for anonymous
static Set<String>	hasAnyConnectedAnyAllowedProfile(Set<? extends Object> rootNodes, Set<String> profileIds)	Returns some profiles that are matching if any ACL Ametys object has one of the given profiles as allowed for any connected user
static Set<String>	hasGroupAnyAllowedProfile(Set<? extends Object> rootNodes, Set<GroupIdentity> groups, Set<String> profileIds)	Returns some profiles that are matching if any ACL Ametys object has one of the given profiles as allowed for the group
static Set<String>	hasUserAnyAllowedProfile(Set<? extends Object> rootNodes, UserIdentity user, Set<String> profileIds)	Returns some profiles that are matching if any ACL Ametys object has one of the given profiles as allowed for the user
static boolean	isInheritanceDisallowed(Node node)	Helper for ACLAmetysObject.isInheritanceDisallowed()
static void	removeAllowedGroups(Set<GroupIdentity> groups, Node node)	Helper for ModifiableACLAmetysObject.removeAllowedGroups(Set)
static void	removeAllowedGroups(Set<GroupIdentity> groups, Node node, String profileId)	Helper for ModifiableACLAmetysObject.removeAllowedGroups(Set, String)
static void	removeAllowedProfilesForAnonymous(Node node, Set<String> profileIds)	Helper for ModifiableACLAmetysObject.removeAllowedProfilesForAnonymous(Set)
static void	removeAllowedProfilesForAnyConnectedUser(Node node, Set<String> profileIds)	Helper for ModifiableACLAmetysObject.removeAllowedProfilesForAnyConnectedUser(Set)
static void	removeAllowedUsers(Set<UserIdentity> users, Node node)	Helper for ModifiableACLAmetysObject.removeAllowedGroups(Set)
static void	removeAllowedUsers(Set<UserIdentity> users, Node node, String profileId)	Helper for ModifiableACLAmetysObject.removeAllowedUsers(Set, String)
static void	removeDeniedGroups(Set<GroupIdentity> groups, Node node)	Helper for ModifiableACLAmetysObject.removeDeniedGroups(Set)
static void	removeDeniedGroups(Set<GroupIdentity> groups, Node node, String profileId)	Helper for ModifiableACLAmetysObject.removeDeniedGroups(Set, String)
static void	removeDeniedProfilesForAnonymous(Node node, Set<String> profileIds)	Helper for ModifiableACLAmetysObject.removeDeniedProfilesForAnyConnectedUser(Set)
static void	removeDeniedProfilesForAnyConnectedUser(Node node, Set<String> profileIds)	Helper for ModifiableACLAmetysObject.removeDeniedProfilesForAnyConnectedUser(Set)
static void	removeDeniedUsers(Set<UserIdentity> users, Node node)	Helper for ModifiableACLAmetysObject.removeDeniedUsers(Set)
static void	removeDeniedUsers(Set<UserIdentity> users, Node node, String profileId)	Helper for ModifiableACLAmetysObject.removeDeniedUsers(Set, String)
static void	removeGroup(GroupIdentity group)	Helper for ModifiableACLAmetysObjectProfileAssignmentStorage.removeGroup(GroupIdentity)
static void	removeProfile(String profileId)	Helper for ModifiableACLAmetysObjectProfileAssignmentStorage.removeProfile(String)
static void	removeUser(UserIdentity user)	Helper for ModifiableACLAmetysObjectProfileAssignmentStorage.removeUser(UserIdentity)
void	service(ServiceManager manager)
void	setLogger(org.slf4j.Logger logger)	Called at creation time to provide a Logger.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

_resolver

protected static AmetysObjectResolver _resolver

The AmetysObject resolver

_repository

protected static Repository _repository

The repository

Constructor Detail

ACLJCRAmetysObjectHelper

public ACLJCRAmetysObjectHelper()

Method Detail

service

public void service(ServiceManager manager)
             throws ServiceException

Specified by:

service in interface Serviceable

Throws:

ServiceException

setLogger

public void setLogger(org.slf4j.Logger logger)

Description copied from interface: LogEnabled

Called at creation time to provide a Logger.

Specified by:

setLogger in interface LogEnabled

Parameters:

logger - a Logger for messages.

hasUserAnyAllowedProfile

public static Set<String> hasUserAnyAllowedProfile(Set<? extends Object> rootNodes,
                                                   UserIdentity user,
                                                   Set<String> profileIds)

Returns some profiles that are matching if any ACL Ametys object has one of the given profiles as allowed for the user

Parameters:

user - The user

profileIds - The ids of the profiles to check

rootNodes - The JCR root nodes where starts the query search (must be something like "//element(myNode, ametys:collection)"), it will be the beginning of the JCR query. Can be null to not restrict the search.

Returns:

If the Set is empty, it means the user has no matching profile.
If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for the user AND it can contains some other profiles that were not in the given profiles

hasGroupAnyAllowedProfile

public static Set<String> hasGroupAnyAllowedProfile(Set<? extends Object> rootNodes,
                                                    Set<GroupIdentity> groups,
                                                    Set<String> profileIds)

Returns some profiles that are matching if any ACL Ametys object has one of the given profiles as allowed for the group

Parameters:

groups - The groups

profileIds - The ids of the profiles

rootNodes - The JCR root nodes where starts the query search (must be something like "//element(myNode, ametys:collection)"), it will be the beginning of the JCR query. Can be null to not restrict the search.

Returns:

If the Set is empty, it means the group has no matching profile.
If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for the group AND it can contains some other profiles that were not in the given profiles

hasAnyConnectedAnyAllowedProfile

public static Set<String> hasAnyConnectedAnyAllowedProfile(Set<? extends Object> rootNodes,
                                                           Set<String> profileIds)

Returns some profiles that are matching if any ACL Ametys object has one of the given profiles as allowed for any connected user

Parameters:

profileIds - The ids of the profiles

rootNodes - The JCR root nodes where starts the query search (must be something like "//element(myNode, ametys:collection)"), it will be the beginning of the JCR query. Can be null to not restrict the search.

Returns:

If the Set is empty, it means any connected user has no matching profile.
If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for anyconnected user AND it can contains some other profiles that were not in the given profiles

hasAnonymousAnyAllowedProfile

public static Set<String> hasAnonymousAnyAllowedProfile(Set<? extends Object> rootNodes,
                                                        Set<String> profileIds)

Returns some profiles that are matching if any ACL Ametys object has one of the given profiles as allowed for anonymous

Parameters:

profileIds - The ids of the profiles

rootNodes - The JCR root nodes where starts the query search (must be something like "//element(myNode, ametys:collection)"), it will be the beginning of the JCR query. Can be null to not restrict the search.

Returns:

If the Set is empty, it means anonymous has no matching profile.
If the Set is non empty, it contains at least one of the given profile BUT it may not contains all the matching profiles for anonymous AND it can contains some other profiles that were not in the given profiles

getACLRoots

public static NodeIterator getACLRoots(String rootPath,
                                       Expression predicat)

Returns all ACL root objects (ametys:acl nodes)

Parameters:

rootPath - The root path to restrict the search. Can be null.

predicat - The predicat expression. Can be null.

Returns:

The ACL root objects

getACLUsers

public static NodeIterator getACLUsers(UserIdentity user,
                                       String rootPath,
                                       Expression predicat)

Returns all ACL objects for a given user (ametys:acl-user nodes)

Parameters:

user - The user

rootPath - The root path to restrict the search. Can be null.

predicat - The predicat expression. Can be null.

Returns:

The ACL user objects for user

getACLUsers

public static NodeIterator getACLUsers(Expression predicat)

Returns all ACL objects for users (ametys:acl-user nodes)

Parameters:

predicat - The predicat expression. Can be null.

Returns:

The ACL user objects for users

getACLGroups

public static NodeIterator getACLGroups(Expression predicat)

Returns all ACL objects for groups (ametys:acl-group nodes)

Parameters:

predicat - The predicat expression. Can be null.

Returns:

The ACL group objects for groups

getACLGroups

public static NodeIterator getACLGroups(GroupIdentity group,
                                        String rootPath,
                                        Expression predicat)

Returns all ACL objects for a given group (ametys:acl-group nodes)

Parameters:

group - The group

rootPath - The root path to restrict the search. Can be null.

predicat - The predicat expression. Can be null.

Returns:

The ACL user objects for groups

getProfilesForAnonymousAndAnyConnectedUser

public static Map<ProfileAssignmentStorage.AnonymousOrAnyConnectedKeys,Set<String>> getProfilesForAnonymousAndAnyConnectedUser(Node node)

Helper for ACLAmetysObject.getProfilesForAnonymousAndAnyConnectedUser()

Parameters:

node - The JCR node for the Ametys object

Returns:

a map containing allowed/denied profiles that anonymous and any connected user has on the given object

addAllowedProfilesForAnyConnectedUser

public static void addAllowedProfilesForAnyConnectedUser(Node node,
                                                         Set<String> profileIds)

Helper for ModifiableACLAmetysObject.addAllowedProfilesForAnyConnectedUser(Set)

Parameters:

node - The JCR node for the Ametys object

profileIds - The profiles to add

removeAllowedProfilesForAnyConnectedUser

public static void removeAllowedProfilesForAnyConnectedUser(Node node,
                                                            Set<String> profileIds)

Helper for ModifiableACLAmetysObject.removeAllowedProfilesForAnyConnectedUser(Set)

Parameters:

node - The JCR node for the Ametys object

profileIds - The profiles to remove

addDeniedProfilesForAnyConnectedUser

public static void addDeniedProfilesForAnyConnectedUser(Node node,
                                                        Set<String> profileIds)

Helper for ModifiableACLAmetysObject.addDeniedProfilesForAnyConnectedUser(Set)

Parameters:

node - The JCR node for the Ametys object

profileIds - The profiles to add

removeDeniedProfilesForAnyConnectedUser

public static void removeDeniedProfilesForAnyConnectedUser(Node node,
                                                           Set<String> profileIds)

Helper for ModifiableACLAmetysObject.removeDeniedProfilesForAnyConnectedUser(Set)

Parameters:

node - The JCR node for the Ametys object

profileIds - The profiles to remove

addAllowedProfilesForAnonymous

public static void addAllowedProfilesForAnonymous(Node node,
                                                  Set<String> profileIds)

Helper for ModifiableACLAmetysObject.addAllowedProfilesForAnonymous(Set)

Parameters:

node - The JCR node for the Ametys object

profileIds - The profiles to add

removeAllowedProfilesForAnonymous

public static void removeAllowedProfilesForAnonymous(Node node,
                                                     Set<String> profileIds)

Helper for ModifiableACLAmetysObject.removeAllowedProfilesForAnonymous(Set)

Parameters:

node - The JCR node for the Ametys object

profileIds - The profiles to remove

addDeniedProfilesForAnonymous

public static void addDeniedProfilesForAnonymous(Node node,
                                                 Set<String> profileIds)

Helper for ModifiableACLAmetysObject.addDeniedProfilesForAnyConnectedUser(Set)

Parameters:

node - The JCR node for the Ametys object

profileIds - The profiles to add

removeDeniedProfilesForAnonymous

public static void removeDeniedProfilesForAnonymous(Node node,
                                                    Set<String> profileIds)

Helper for ModifiableACLAmetysObject.removeDeniedProfilesForAnyConnectedUser(Set)

Parameters:

node - The JCR node for the Ametys object

profileIds - The profiles to remove

getProfilesForUsers

public static Map<UserIdentity,Map<ProfileAssignmentStorage.UserOrGroup,Set<String>>> getProfilesForUsers(Node node,
                                                                                                                      UserIdentity user)

Helper for ACLAmetysObject.getProfilesForUsers(org.ametys.core.user.UserIdentity)

Parameters:

node - The JCR node for the Ametys object

user - The user to get profiles for. Can be null to get profiles for all users that have rights

Returns:

The map of allowed users with their assigned allowed/denied profiles

addAllowedUsers

public static void addAllowedUsers(Set<UserIdentity> users,
                                   Node node,
                                   String profileId)

Helper for ModifiableACLAmetysObject.addAllowedUsers(Set, String)

Parameters:

users - The users to add

node - The JCR node for the Ametys object

profileId - The id of the profile

removeAllowedUsers

public static void removeAllowedUsers(Set<UserIdentity> users,
                                      Node node,
                                      String profileId)

Helper for ModifiableACLAmetysObject.removeAllowedUsers(Set, String)

Parameters:

users - The users to remove

node - The JCR node for the Ametys object

profileId - The id of the profile

removeAllowedUsers

public static void removeAllowedUsers(Set<UserIdentity> users,
                                      Node node)

Helper for ModifiableACLAmetysObject.removeAllowedGroups(Set)

Parameters:

users - The users to remove

node - The JCR node for the Ametys object

addDeniedUsers

public static void addDeniedUsers(Set<UserIdentity> users,
                                  Node node,
                                  String profileId)

Helper for ModifiableACLAmetysObject.addDeniedUsers(Set, String)

Parameters:

users - The users to add

node - The JCR node for the Ametys object

profileId - The id of the profile

removeDeniedUsers

public static void removeDeniedUsers(Set<UserIdentity> users,
                                     Node node,
                                     String profileId)

Helper for ModifiableACLAmetysObject.removeDeniedUsers(Set, String)

Parameters:

users - The users to remove

node - The JCR node for the Ametys object

profileId - The id of the profile

removeDeniedUsers

public static void removeDeniedUsers(Set<UserIdentity> users,
                                     Node node)

Helper for ModifiableACLAmetysObject.removeDeniedUsers(Set)

Parameters:

users - The users to remove

node - The JCR node for the Ametys object

getProfilesForGroups

public static Map<GroupIdentity,Map<ProfileAssignmentStorage.UserOrGroup,Set<String>>> getProfilesForGroups(Node node,
                                                                                                                        Set<GroupIdentity> groups)

Helper for ACLAmetysObject.getProfilesForGroups(java.util.Set<org.ametys.core.group.GroupIdentity>)

Parameters:

node - The JCR node for the Ametys object

groups - The group to get profiles for. Can be null to get profiles for all groups that have rights

Returns:

The map of allowed/denied groups with their assigned profiles

addAllowedGroups

public static void addAllowedGroups(Set<GroupIdentity> groups,
                                    Node node,
                                    String profileId)

Helper for ModifiableACLAmetysObject.addAllowedGroups(Set, String)

Parameters:

groups - The groups to add

node - The JCR node for the Ametys object

profileId - The id of the profile

removeAllowedGroups

public static void removeAllowedGroups(Set<GroupIdentity> groups,
                                       Node node,
                                       String profileId)

Helper for ModifiableACLAmetysObject.removeAllowedGroups(Set, String)

Parameters:

groups - The groups to remove

node - The JCR node for the Ametys object

profileId - The id of the profile

removeAllowedGroups

public static void removeAllowedGroups(Set<GroupIdentity> groups,
                                       Node node)

Helper for ModifiableACLAmetysObject.removeAllowedGroups(Set)

Parameters:

groups - The groups to remove

node - The JCR node for the Ametys object

addDeniedGroups

public static void addDeniedGroups(Set<GroupIdentity> groups,
                                   Node node,
                                   String profileId)

Helper for ModifiableACLAmetysObject.addDeniedGroups(Set, String)

Parameters:

groups - The groups to add

node - The JCR node for the Ametys object

profileId - The id of the profile

removeDeniedGroups

public static void removeDeniedGroups(Set<GroupIdentity> groups,
                                      Node node,
                                      String profileId)

Helper for ModifiableACLAmetysObject.removeDeniedGroups(Set, String)

Parameters:

groups - The groups to remove

node - The JCR node for the Ametys object

profileId - The id of the profile

removeDeniedGroups

public static void removeDeniedGroups(Set<GroupIdentity> groups,
                                      Node node)

Helper for ModifiableACLAmetysObject.removeDeniedGroups(Set)

Parameters:

groups - The groups to remove

node - The JCR node for the Ametys object

removeProfile

public static void removeProfile(String profileId)

Helper for ModifiableACLAmetysObjectProfileAssignmentStorage.removeProfile(String)

Parameters:

profileId - The id of the profile

removeUser

public static void removeUser(UserIdentity user)

Helper for ModifiableACLAmetysObjectProfileAssignmentStorage.removeUser(UserIdentity)

Parameters:

user - The user

removeGroup

public static void removeGroup(GroupIdentity group)

Helper for ModifiableACLAmetysObjectProfileAssignmentStorage.removeGroup(GroupIdentity)

Parameters:

group - The group

isInheritanceDisallowed

public static boolean isInheritanceDisallowed(Node node)

Helper for ACLAmetysObject.isInheritanceDisallowed()

Parameters:

node - The JCR node for the Ametys object

Returns:

true if the inheritance is disallow of the given node

disallowInheritance

public static void disallowInheritance(Node node,
                                       boolean disallow)

Helper for ModifiableACLAmetysObject.disallowInheritance(boolean)

Parameters:

node - The JCR node for the Ametys object

disallow - true to disallow the inheritance, false otherwise