Package org.apache.jackrabbit.oak.security.authorization.permission

Class PermissionProviderImpl

java.lang.Object
org.apache.jackrabbit.oak.security.authorization.permission.PermissionProviderImpl
All Implemented Interfaces:
AccessControlConstants, AggregatedPermissionProvider, PermissionConstants, PermissionProvider
Direct Known Subclasses:
MountPermissionProvider
public class PermissionProviderImpl extends Object implements PermissionProvider, AccessControlConstants, PermissionConstants, AggregatedPermissionProvider

  • Constructor Details

  • Method Details

    • refresh

      public void refresh()
      Description copied from interface: PermissionProvider
      Refresh this PermissionProvider. The implementation is expected to subsequently return permission evaluation results that reflect the most recent revision of the repository.
      Specified by:
      refresh in interface PermissionProvider

    • getPrivileges

      @NotNull public @NotNull Set<String> getPrivileges(@Nullable @Nullable Tree tree)
      Description copied from interface: PermissionProvider
      Returns the set of privilege names which are granted to the set of Principals associated with this provider instance for the specified Tree.
      Specified by:
      getPrivileges in interface PermissionProvider
      Parameters:
      tree - The tree for which the privileges should be retrieved.
      Returns:
      set of privilege names

    • hasPrivileges

      public boolean hasPrivileges(@Nullable @Nullable Tree tree, @NotNull @NotNull String... privilegeNames)
      Description copied from interface: PermissionProvider
      Returns whether the principal set associated with this PrivilegeManager is granted the privileges identified by the specified privilege names for the given tree. In order to test for privileges being granted on a repository level rather than on a particular tree a null tree should be passed to this method.

      Testing a name identifying an aggregate privilege is equivalent to testing each non aggregate privilege name.

      Specified by:
      hasPrivileges in interface PermissionProvider
      Parameters:
      tree - The tree to test for privileges being granted.
      privilegeNames - The name of the privileges.
      Returns:
      true if all privileges are granted; false otherwise.

    • getRepositoryPermission

      @NotNull public @NotNull RepositoryPermission getRepositoryPermission()
      Description copied from interface: PermissionProvider
      Return the RepositoryPermission for the set of Principals associated with this provider instance.
      Specified by:
      getRepositoryPermission in interface PermissionProvider
      Returns:
      The RepositoryPermission for the set of Principals this provider instance has been created for.

    • getTreePermission

      @NotNull public @NotNull TreePermission getTreePermission(@NotNull @NotNull Tree tree, @NotNull @NotNull TreePermission parentPermission)
      Description copied from interface: PermissionProvider
      Return the TreePermission for the set of Principals associated with this provider at the specified tree.
      Specified by:
      getTreePermission in interface PermissionProvider
      Parameters:
      tree - The tree for which the TreePermission object should be built.
      parentPermission - The TreePermission object that has been obtained before for the parent tree.
      Returns:
      The TreePermission object for the specified tree.

    • isGranted

      public boolean isGranted(@NotNull @NotNull Tree tree, @Nullable @Nullable PropertyState property, long permissions)
      Description copied from interface: PermissionProvider
      Test if the specified permissions are granted for the set of Principals associated with this provider instance for the item identified by the given tree and optionally property. This method will only return true if all permissions are granted.
      Specified by:
      isGranted in interface PermissionProvider
      Parameters:
      tree - The Tree to test the permissions for.
      property - A PropertyState if the item to test is a property or null if the item is a Tree.
      permissions - The permissions to be tested.
      Returns:
      true if the specified permissions are granted for the item identified by the given tree and optionally property state.

    • isGranted

      public boolean isGranted(@NotNull @NotNull String oakPath, @NotNull @NotNull String jcrActions)
      Description copied from interface: PermissionProvider
      Tests if the the specified actions are granted at the given path for the set of Principals associated with this provider instance.

      The jcrActions parameter is a comma separated list of action strings such as defined by Session and passed to Session.hasPermission(String, String). When more than one action is specified in the jcrActions parameter, this method will only return true if all of them are granted on the specified path.

      Specified by:
      isGranted in interface PermissionProvider
      Parameters:
      oakPath - A valid oak path.
      jcrActions - The JCR actions that should be tested separated by ','
      Returns:
      true if all actions are granted at the specified path; false otherwise.

    • supportedPrivileges

      @NotNull public @NotNull PrivilegeBits supportedPrivileges(@Nullable @Nullable Tree tree, @Nullable @Nullable PrivilegeBits privilegeBits)
      Description copied from interface: AggregatedPermissionProvider
      Allows to determined the set or subset of privileges evaluated by the implementing permission provider for the specified tree or at the repository level in case the specified tree is null. If the given privilegeBits is null an implementation returns the complete set that is covered by the provider; otherwise the supported subset of the specified privilegeBits is returned. Returning PrivilegeBits.EMPTY indicates that this implementation is not in charge of evaluating the specified privileges and thus will be ignored while computing the composite result of PermissionProvider.getPrivileges(org.apache.jackrabbit.oak.api.Tree) or PermissionProvider.hasPrivileges(org.apache.jackrabbit.oak.api.Tree, String...).
      Specified by:
      supportedPrivileges in interface AggregatedPermissionProvider
      Parameters:
      tree - The tree for which the privileges will be evaluated or null for repository level privileges.
      privilegeBits - The privilege(s) to be tested or null
      Returns:
      The set of privileges or the subset of the given privilegeBits that are supported and evaluated by the implementation at the given tree represented as PrivilegeBits.

    • supportedPermissions

      public long supportedPermissions(@Nullable @Nullable Tree tree, @Nullable @Nullable PropertyState property, long permissions)
      Description copied from interface: AggregatedPermissionProvider
      Allows to determined the set or subset of permissions evaluated by the implementing permission provider for the specified item (identified by tree and optionally property) or at the repository level in case the specified tree is null. Returning Permissions.NO_PERMISSION indicates that this implementation is not in charge of evaluating the specified permissions for the specified item and thus will be ignored while computing the composite result of PermissionProvider.isGranted(Tree, PropertyState, long).
      Specified by:
      supportedPermissions in interface AggregatedPermissionProvider
      Parameters:
      tree - The tree for which the permissions will be evaluated or null for repository level privileges.
      property - The target property or null.
      permissions - The permissions to be tested
      Returns:
      The subset of the given permissions that are supported and evaluated by the implementation for the given item.

    • supportedPermissions

      public long supportedPermissions(@NotNull @NotNull TreeLocation location, long permissions)
      Description copied from interface: AggregatedPermissionProvider
      Allows to determined the set or subset of permissions evaluated by the implementing permission provider for the specified location. Returning Permissions.NO_PERMISSION indicates that this implementation is not in charge of evaluating the specified permissions for the specified location and thus will be ignored while computing the composite result of PermissionProvider.isGranted(String, String) and AggregatedPermissionProvider.isGranted(TreeLocation, long).
      Specified by:
      supportedPermissions in interface AggregatedPermissionProvider
      Parameters:
      location - The tree location for which the permissions will be evaluated.
      permissions - The permissions to be tested
      Returns:
      The subset of the given permissions that are supported and evaluated by the implementation for the given location.

    • supportedPermissions

      public long supportedPermissions(@NotNull @NotNull TreePermission treePermission, @Nullable @Nullable PropertyState property, long permissions)
      Description copied from interface: AggregatedPermissionProvider
      Allows to determined the set or subset of permissions evaluated by the implementing permission provider for the specified tree permission (plus optionally property). Returning Permissions.NO_PERMISSION indicates that this implementation is not in charge of evaluating the specified permissions for the specified tree permission and thus will be ignored while computing the composite result of TreePermission.isGranted(long, PropertyState) and TreePermission.isGranted(long).
      Specified by:
      supportedPermissions in interface AggregatedPermissionProvider
      Parameters:
      treePermission - The target tree permission.
      property - The target property or null.
      permissions - The permissions to be tested
      Returns:
      The subset of the given permissions that are supported and evaluated by the implementation for the given tree permissions.

    • isGranted

      public boolean isGranted(@NotNull @NotNull TreeLocation location, long permissions)
      Description copied from interface: AggregatedPermissionProvider
      Test if the specified permissions are granted for the set of Principals associated with this provider instance for the item identified by the given location and optionally property. This method will only return true if all permissions are granted.
      Specified by:
      isGranted in interface AggregatedPermissionProvider
      Parameters:
      location - The TreeLocation to test the permissions for.
      permissions - The permissions to be tested.
      Returns:
      true if the specified permissions are granted for the existing or non-existing item identified by the given location.

    • getTreePermission

      @NotNull public @NotNull TreePermission getTreePermission(@NotNull @NotNull Tree tree, @NotNull @NotNull TreeType type, @NotNull @NotNull TreePermission parentPermission)
      Description copied from interface: AggregatedPermissionProvider
      Return the TreePermission for the set of Principals associated with this provider at the specified tree with the given type.
      Specified by:
      getTreePermission in interface AggregatedPermissionProvider
      Parameters:
      tree - The tree for which the TreePermission object should be built.
      type - The type of this tree.
      parentPermission - The TreePermission object that has been obtained before for the parent tree.
      Returns:
      The TreePermission object for the specified tree.

    • getPermissionStore

      @NotNull protected @NotNull org.apache.jackrabbit.oak.security.authorization.permission.PermissionStore getPermissionStore(@NotNull @NotNull Root root, @NotNull @NotNull String workspaceName, @NotNull @NotNull RestrictionProvider restrictionProvider)