Class PrivilegesInfo


  • public class PrivilegesInfo
    extends Object
    Helper class to assist in the usage of access control from scripts.
    • Constructor Detail

      • PrivilegesInfo

        public PrivilegesInfo()
    • Method Detail

      • getSupportedPrivileges

        public javax.jcr.security.Privilege[] getSupportedPrivileges​(javax.jcr.Node node)
                                                              throws javax.jcr.RepositoryException
        Return the supported Privileges for the specified node.
        Parameters:
        node - the node to check
        Returns:
        array of Privileges
        Throws:
        javax.jcr.RepositoryException - if any errors reading the information
      • getSupportedPrivileges

        public javax.jcr.security.Privilege[] getSupportedPrivileges​(javax.jcr.Session session,
                                                                     String absPath)
                                                              throws javax.jcr.RepositoryException
        Returns the supported privileges for the specified path.
        Parameters:
        session - the session for the current user
        absPath - the path to get the privileges for
        Returns:
        array of Privileges
        Throws:
        javax.jcr.RepositoryException - if any errors reading the information
      • getDeclaredAccessRights

        public Map<Principal,​PrivilegesInfo.AccessRights> getDeclaredAccessRights​(javax.jcr.Node node)
                                                                                 throws javax.jcr.RepositoryException
        Returns the mapping of declared access rights that have been set for the resource at the given path.
        Parameters:
        node - the node to get the access rights for
        Returns:
        map of access rights. Key is the user/group principal, value contains the granted/denied privileges
        Throws:
        javax.jcr.RepositoryException - if any errors reading the information
      • getDeclaredAccessRights

        public Map<Principal,​PrivilegesInfo.AccessRights> getDeclaredAccessRights​(javax.jcr.Session session,
                                                                                        String absPath)
                                                                                 throws javax.jcr.RepositoryException
        Returns the mapping of declared access rights that have been set for the resource at the given path.
        Parameters:
        session - the current user session.
        absPath - the path of the resource to get the access rights for
        Returns:
        map of access rights. Key is the user/group principal, value contains the granted/denied privileges
        Throws:
        javax.jcr.RepositoryException - if any errors reading the information
      • toMap

        protected Map<Principal,​PrivilegesInfo.AccessRights> toMap​(javax.jcr.Session session,
                                                                         javax.json.JsonObject aclJson)
                                                                  throws javax.jcr.RepositoryException
        Convert the JSON acl to a map of Principal to AccessRights
        Parameters:
        session - the jcr session
        aclJson - the acl JSON object
        Returns:
        map of Principal to AccessRights
        Throws:
        javax.jcr.RepositoryException
      • getDeclaredAccessRightsForPrincipal

        public PrivilegesInfo.AccessRights getDeclaredAccessRightsForPrincipal​(javax.jcr.Node node,
                                                                               String principalId)
                                                                        throws javax.jcr.RepositoryException
        Returns the declared access rights for the specified Node for the given principalId.
        Parameters:
        node - the JCR node to retrieve the access rights for
        principalId - the principalId to get the access rights for
        Returns:
        access rights for the specified principal
        Throws:
        javax.jcr.RepositoryException - if any errors reading the information
      • getDeclaredAccessRightsForPrincipal

        public PrivilegesInfo.AccessRights getDeclaredAccessRightsForPrincipal​(javax.jcr.Session session,
                                                                               String absPath,
                                                                               String principalId)
                                                                        throws javax.jcr.RepositoryException
        Returns the declared access rights for the resource at the specified path for the given principalId.
        Parameters:
        session - the current JCR session
        absPath - the path of the resource to retrieve the rights for
        principalId - the principalId to get the access rights for
        Returns:
        access rights for the specified principal
        Throws:
        javax.jcr.RepositoryException - if any errors reading the information
      • getDeclaredRestrictionsForPrincipal

        @Deprecated
        public Map<String,​Object> getDeclaredRestrictionsForPrincipal​(javax.jcr.Node node,
                                                                            String principalId)
                                                                     throws javax.jcr.RepositoryException
        Deprecated.
        don't use this as it assumes that all the privileges have the same restrictions which may not be true
        Returns the restrictions for the specified path.
        Parameters:
        node - the node to inspect
        principalId - the principalId to get the access rights for
        Returns:
        map of restrictions (key is restriction name, value is Value or Value[])
        Throws:
        javax.jcr.RepositoryException - if any errors reading the information
      • getDeclaredRestrictionsForPrincipal

        @Deprecated
        public Map<String,​Object> getDeclaredRestrictionsForPrincipal​(javax.jcr.Session session,
                                                                            String absPath,
                                                                            String principalId)
                                                                     throws javax.jcr.RepositoryException
        Deprecated.
        don't use this as it assumes that all the privileges have the same restrictions which may not be true
        Returns the restrictions for the specified path.
        Parameters:
        session - the session for the current user
        absPath - the path to get the privileges for
        principalId - the principalId to get the access rights for
        Returns:
        map of restrictions (key is restriction name, value is Value or Value[])
        Throws:
        javax.jcr.RepositoryException - if any errors reading the information
      • getEffectiveAccessRights

        public Map<Principal,​PrivilegesInfo.AccessRights> getEffectiveAccessRights​(javax.jcr.Node node)
                                                                                  throws javax.jcr.RepositoryException
        Returns the mapping of effective access rights that have been set for the resource at the given path.
        Parameters:
        node - the node to get the access rights for
        Returns:
        map of access rights. Key is the user/group principal, value contains the granted/denied privileges
        Throws:
        javax.jcr.RepositoryException - if any errors reading the information
      • getEffectiveAccessRights

        public Map<Principal,​PrivilegesInfo.AccessRights> getEffectiveAccessRights​(javax.jcr.Session session,
                                                                                         String absPath)
                                                                                  throws javax.jcr.RepositoryException
        Returns the mapping of effective access rights that have been set for the resource at the given path.
        Parameters:
        session - the current user session.
        absPath - the path of the resource to get the access rights for
        Returns:
        map of access rights. Key is the user/group principal, value contains the granted/denied privileges
        Throws:
        javax.jcr.RepositoryException - if any errors reading the information
      • getEffectiveAccessRightsForPrincipal

        public PrivilegesInfo.AccessRights getEffectiveAccessRightsForPrincipal​(javax.jcr.Node node,
                                                                                String principalId)
                                                                         throws javax.jcr.RepositoryException
        Returns the effective access rights for the specified Node for the given principalId.
        Parameters:
        node - the JCR node to retrieve the access rights for
        principalId - the principalId to get the access rights for
        Returns:
        access rights for the specified principal
        Throws:
        javax.jcr.RepositoryException - if any errors reading the information
      • getEffectiveAccessRightsForPrincipal

        public PrivilegesInfo.AccessRights getEffectiveAccessRightsForPrincipal​(javax.jcr.Session session,
                                                                                String absPath,
                                                                                String principalId)
                                                                         throws javax.jcr.RepositoryException
        Returns the effective access rights for the resource at the specified path for the given principalId.
        Parameters:
        session - the current JCR session
        absPath - the path of the resource to retrieve the rights for
        principalId - the principalId to get the access rights for
        Returns:
        access rights for the specified principal
        Throws:
        javax.jcr.RepositoryException - if any errors reading the information
      • canAddChildren

        public boolean canAddChildren​(javax.jcr.Node node)
        Checks whether the current user has been granted privileges to add children to the specified node.
        Parameters:
        node - the node to check
        Returns:
        true if the current user has the privileges, false otherwise
      • canAddChildren

        public boolean canAddChildren​(javax.jcr.Session session,
                                      String absPath)
        Checks whether the current user has been granted privileges to add children to the specified path.
        Parameters:
        session - the JCR session of the current user
        absPath - the path of the resource to check
        Returns:
        true if the current user has the privileges, false otherwise
      • canDeleteChildren

        public boolean canDeleteChildren​(javax.jcr.Node node)
        Checks whether the current user has been granted privileges to delete children to the specified node.
        Parameters:
        node - the node to check
        Returns:
        true if the current user has the privileges, false otherwise
      • canDeleteChildren

        public boolean canDeleteChildren​(javax.jcr.Session session,
                                         String absPath)
        Checks whether the current user has been granted privileges to delete children of the specified path.
        Parameters:
        session - the JCR session of the current user
        absPath - the path of the resource to check
        Returns:
        true if the current user has the privileges, false otherwise
      • canDelete

        public boolean canDelete​(javax.jcr.Node node)
        Checks whether the current user has been granted privileges to delete the specified node.
        Parameters:
        node - the node to check
        Returns:
        true if the current user has the privileges, false otherwise
      • canDelete

        public boolean canDelete​(javax.jcr.Session session,
                                 String absPath)
        Checks whether the current user has been granted privileges to delete the specified path.
        Parameters:
        session - the JCR session of the current user
        absPath - the path of the resource to check
        Returns:
        true if the current user has the privileges, false otherwise
      • canModifyProperties

        public boolean canModifyProperties​(javax.jcr.Node node)
        Checks whether the current user has been granted privileges to modify properties of the specified node.
        Parameters:
        node - the node to check
        Returns:
        true if the current user has the privileges, false otherwise
      • canModifyProperties

        public boolean canModifyProperties​(javax.jcr.Session session,
                                           String absPath)
        Checks whether the current user has been granted privileges to modify properties of the specified path.
        Parameters:
        session - the JCR session of the current user
        absPath - the path of the resource to check
        Returns:
        true if the current user has the privileges, false otherwise
      • canReadAccessControl

        public boolean canReadAccessControl​(javax.jcr.Node node)
        Checks whether the current user has been granted privileges to read the access control of the specified node.
        Parameters:
        node - the node to check
        Returns:
        true if the current user has the privileges, false otherwise
      • canReadAccessControl

        public boolean canReadAccessControl​(javax.jcr.Session session,
                                            String absPath)
        Checks whether the current user has been granted privileges to read the access control of the specified path.
        Parameters:
        session - the JCR session of the current user
        absPath - the path of the resource to check
        Returns:
        true if the current user has the privileges, false otherwise
      • canModifyAccessControl

        public boolean canModifyAccessControl​(javax.jcr.Node node)
        Checks whether the current user has been granted privileges to modify the access control of the specified node.
        Parameters:
        node - the node to check
        Returns:
        true if the current user has the privileges, false otherwise
      • canModifyAccessControl

        public boolean canModifyAccessControl​(javax.jcr.Session session,
                                              String absPath)
        Checks whether the current user has been granted privileges to modify the access control of the specified path.
        Parameters:
        session - the JCR session of the current user
        absPath - the path of the resource to check
        Returns:
        true if the current user has the privileges, false otherwise