Package org.apache.jackrabbit.oak.security.authorization.permission

Class PermissionProviderImpl

    • Method Detail

      • refresh

        public void refresh()
        Description copied from interface: PermissionProvider
        Refresh this PermissionProvider. The implementation is expected to subsequently return permission evaluation results that reflect the most recent revision of the repository.
        Specified by:
        refresh in interface PermissionProvider

      • getPrivileges

        @NotNull
public @NotNull Set<String> getPrivileges​(@Nullable
                                          @Nullable Tree tree)
        Description copied from interface: PermissionProvider
        Returns the set of privilege names which are granted to the set of Principals associated with this provider instance for the specified Tree.
        Specified by:
        getPrivileges in interface PermissionProvider
        Parameters:
        tree - The tree for which the privileges should be retrieved.
        Returns:
        set of privilege names

      • hasPrivileges

        public boolean hasPrivileges​(@Nullable
                             @Nullable Tree tree,
                             @NotNull
                             @NotNull String... privilegeNames)
        Description copied from interface: PermissionProvider
        Returns whether the principal set associated with this PrivilegeManager is granted the privileges identified by the specified privilege names for the given tree. In order to test for privileges being granted on a repository level rather than on a particular tree a null tree should be passed to this method.

        Testing a name identifying an aggregate privilege is equivalent to testing each non aggregate privilege name.

        Specified by:
        hasPrivileges in interface PermissionProvider
        Parameters:
        tree - The tree to test for privileges being granted.
        privilegeNames - The name of the privileges.
        Returns:
        true if all privileges are granted; false otherwise.

      • getTreePermission

        @NotNull
public @NotNull TreePermission getTreePermission​(@NotNull
                                                 @NotNull Tree tree,
                                                 @NotNull
                                                 @NotNull TreePermission parentPermission)
        Description copied from interface: PermissionProvider
        Return the TreePermission for the set of Principals associated with this provider at the specified tree.
        Specified by:
        getTreePermission in interface PermissionProvider
        Parameters:
        tree - The tree for which the TreePermission object should be built.
        parentPermission - The TreePermission object that has been obtained before for the parent tree.
        Returns:
        The TreePermission object for the specified tree.

      • isGranted

        public boolean isGranted​(@NotNull
                         @NotNull Tree tree,
                         @Nullable
                         @Nullable PropertyState property,
                         long permissions)
        Description copied from interface: PermissionProvider
        Test if the specified permissions are granted for the set of Principals associated with this provider instance for the item identified by the given tree and optionally property. This method will only return true if all permissions are granted.
        Specified by:
        isGranted in interface PermissionProvider
        Parameters:
        tree - The Tree to test the permissions for.
        property - A PropertyState if the item to test is a property or null if the item is a Tree.
        permissions - The permissions to be tested.
        Returns:
        true if the specified permissions are granted for the item identified by the given tree and optionally property state.

      • isGranted

        public boolean isGranted​(@NotNull
                         @NotNull String oakPath,
                         @NotNull
                         @NotNull String jcrActions)
        Description copied from interface: PermissionProvider
        Tests if the the specified actions are granted at the given path for the set of Principals associated with this provider instance.

        The jcrActions parameter is a comma separated list of action strings such as defined by Session and passed to Session.hasPermission(String, String). When more than one action is specified in the jcrActions parameter, this method will only return true if all of them are granted on the specified path.

        Specified by:
        isGranted in interface PermissionProvider
        Parameters:
        oakPath - A valid oak path.
        jcrActions - The JCR actions that should be tested separated by ','
        Returns:
        true if all actions are granted at the specified path; false otherwise.

      • supportedPrivileges

        @NotNull
public @NotNull PrivilegeBits supportedPrivileges​(@Nullable
                                                  @Nullable Tree tree,
                                                  @Nullable
                                                  @Nullable PrivilegeBits privilegeBits)
        Description copied from interface: AggregatedPermissionProvider
        Allows to determined the set or subset of privileges evaluated by the implementing permission provider for the specified tree or at the repository level in case the specified tree is null. If the given privilegeBits is null an implementation returns the complete set that is covered by the provider; otherwise the supported subset of the specified privilegeBits is returned. Returning PrivilegeBits.EMPTY indicates that this implementation is not in charge of evaluating the specified privileges and thus will be ignored while computing the composite result of PermissionProvider.getPrivileges(org.apache.jackrabbit.oak.api.Tree) or PermissionProvider.hasPrivileges(org.apache.jackrabbit.oak.api.Tree, String...).
        Specified by:
        supportedPrivileges in interface AggregatedPermissionProvider
        Parameters:
        tree - The tree for which the privileges will be evaluated or null for repository level privileges.
        privilegeBits - The privilege(s) to be tested or null
        Returns:
        The set of privileges or the subset of the given privilegeBits that are supported and evaluated by the implementation at the given tree represented as PrivilegeBits.

      • supportedPermissions

        public long supportedPermissions​(@Nullable
                                 @Nullable Tree tree,
                                 @Nullable
                                 @Nullable PropertyState property,
                                 long permissions)
        Description copied from interface: AggregatedPermissionProvider
        Allows to determined the set or subset of permissions evaluated by the implementing permission provider for the specified item (identified by tree and optionally property) or at the repository level in case the specified tree is null. Returning Permissions.NO_PERMISSION indicates that this implementation is not in charge of evaluating the specified permissions for the specified item and thus will be ignored while computing the composite result of PermissionProvider.isGranted(Tree, PropertyState, long).
        Specified by:
        supportedPermissions in interface AggregatedPermissionProvider
        Parameters:
        tree - The tree for which the permissions will be evaluated or null for repository level privileges.
        property - The target property or null.
        permissions - The permissions to be tested
        Returns:
        The subset of the given permissions that are supported and evaluated by the implementation for the given item.

      • supportedPermissions

        public long supportedPermissions​(@NotNull
                                 @NotNull TreePermission treePermission,
                                 @Nullable
                                 @Nullable PropertyState property,
                                 long permissions)
        Description copied from interface: AggregatedPermissionProvider
        Allows to determined the set or subset of permissions evaluated by the implementing permission provider for the specified tree permission (plus optionally property). Returning Permissions.NO_PERMISSION indicates that this implementation is not in charge of evaluating the specified permissions for the specified tree permission and thus will be ignored while computing the composite result of TreePermission.isGranted(long, PropertyState) and TreePermission.isGranted(long).
        Specified by:
        supportedPermissions in interface AggregatedPermissionProvider
        Parameters:
        treePermission - The target tree permission.
        property - The target property or null.
        permissions - The permissions to be tested
        Returns:
        The subset of the given permissions that are supported and evaluated by the implementation for the given tree permissions.

      • isGranted

        public boolean isGranted​(@NotNull
                         @NotNull TreeLocation location,
                         long permissions)
        Description copied from interface: AggregatedPermissionProvider
        Test if the specified permissions are granted for the set of Principals associated with this provider instance for the item identified by the given location and optionally property. This method will only return true if all permissions are granted.
        Specified by:
        isGranted in interface AggregatedPermissionProvider
        Parameters:
        location - The TreeLocation to test the permissions for.
        permissions - The permissions to be tested.
        Returns:
        true if the specified permissions are granted for the existing or non-existing item identified by the given location.

      • getTreePermission

        @NotNull
public @NotNull TreePermission getTreePermission​(@NotNull
                                                 @NotNull Tree tree,
                                                 @NotNull
                                                 @NotNull TreeType type,
                                                 @NotNull
                                                 @NotNull TreePermission parentPermission)
        Description copied from interface: AggregatedPermissionProvider
        Return the TreePermission for the set of Principals associated with this provider at the specified tree with the given type.
        Specified by:
        getTreePermission in interface AggregatedPermissionProvider
        Parameters:
        tree - The tree for which the TreePermission object should be built.
        type - The type of this tree.
        parentPermission - The TreePermission object that has been obtained before for the parent tree.
        Returns:
        The TreePermission object for the specified tree.

      • getPermissionStore

        @NotNull
protected @NotNull org.apache.jackrabbit.oak.security.authorization.permission.PermissionStore getPermissionStore​(@NotNull
                                                                                                                  @NotNull Root root,
                                                                                                                  @NotNull
                                                                                                                  @NotNull String workspaceName,
                                                                                                                  @NotNull
                                                                                                                  @NotNull RestrictionProvider restrictionProvider)