Java tutorial
/* * This program is free software; you can redistribute it and/or modify it under the * terms of the GNU General Public License, version 2 as published by the Free Software * Foundation. * * You should have received a copy of the GNU General Public License along with this * program; if not, you can obtain a copy at http://www.gnu.org/licenses/gpl-2.0.html * or from the Free Software Foundation, Inc., * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. * * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; * without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. * See the GNU General Public License for more details. * * * Copyright 2006 - 2013 Pentaho Corporation. All rights reserved. */ package org.pentaho.platform.repository2.unified.jcr; import com.google.common.collect.HashMultimap; import com.google.common.collect.Multimap; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.pentaho.platform.api.repository2.unified.IPentahoJCRPrivilege; import org.pentaho.platform.api.repository2.unified.RepositoryFilePermission; import org.pentaho.platform.repository2.unified.jcr.JcrRepositoryFileAclDao.IPermissionConversionHelper; import org.springframework.util.Assert; import javax.jcr.RepositoryException; import javax.jcr.Session; import javax.jcr.security.Privilege; import java.util.Collection; import java.util.EnumSet; import java.util.HashSet; import java.util.Set; /** * Default {@link IPermissionConversionHelper} implementation. * * @author mlowery */ public class DefaultPermissionConversionHelper implements IPermissionConversionHelper { // ~ Static fields/initializers // ====================================================================================== private static final Log logger = LogFactory.getLog(DefaultPermissionConversionHelper.class); // ~ Instance fields // ================================================================================================= protected Multimap<RepositoryFilePermission, String> permissionEnumToPrivilegeNamesMap; protected Multimap<String, RepositoryFilePermission> privilegeNameToPermissionEnumsMap; // ~ Constructors // ==================================================================================================== public DefaultPermissionConversionHelper(final Session session) { super(); initMaps(session); } // ~ Methods // ========================================================================================================= public Privilege[] pentahoPermissionsToPrivileges(final Session session, final EnumSet<RepositoryFilePermission> permissions) throws RepositoryException { Assert.notNull(session); Assert.notNull(permissions); Assert.notEmpty(permissions); Set<Privilege> privileges = new HashSet<Privilege>(); for (RepositoryFilePermission currentPermission : permissions) { if (permissionEnumToPrivilegeNamesMap.containsKey(currentPermission)) { Collection<String> privNames = permissionEnumToPrivilegeNamesMap.get(currentPermission); for (String privName : privNames) { privileges.add(session.getAccessControlManager().privilegeFromName(privName)); } } else { logger.debug("skipping permission=" + currentPermission //$NON-NLS-1$ + " as it doesn't have any corresponding privileges"); //$NON-NLS-1$ } } Assert.isTrue(!privileges.isEmpty(), "no privileges; see previous 'skipping permission' messages"); return privileges.toArray(new Privilege[0]); } public EnumSet<RepositoryFilePermission> privilegesToPentahoPermissions(final Session session, final Privilege[] privileges) throws RepositoryException { Assert.notNull(session); Assert.notNull(privileges); new PentahoJcrConstants(session); EnumSet<RepositoryFilePermission> permissions = EnumSet.noneOf(RepositoryFilePermission.class); Privilege[] expandedPrivileges = JcrRepositoryFileAclUtils.expandPrivileges(privileges, true); for (Privilege privilege : expandedPrivileges) { // this privilege name is of the format xyz:blah where xyz is the namespace prefix; // convert it to match the Privilege.JCR_* string constants String extendedPrivilegeName = privilege.getName(); String privilegeName = privilege.getName(); int colonIndex = privilegeName.indexOf(":"); //$NON-NLS-1$ if (colonIndex > -1) { String namespaceUri = session.getNamespaceURI(privilegeName.substring(0, colonIndex)); extendedPrivilegeName = "{" + namespaceUri + "}" + privilegeName.substring(colonIndex + 1); //$NON-NLS-1$ //$NON-NLS-2$ } if (privilegeNameToPermissionEnumsMap.containsKey(extendedPrivilegeName)) { Collection<RepositoryFilePermission> permEnums = privilegeNameToPermissionEnumsMap .get(extendedPrivilegeName); for (RepositoryFilePermission perm : permEnums) { permissions.add(perm); } } else { logger.debug("skipping privilege with name=" + extendedPrivilegeName //$NON-NLS-1$ + " as it doesn't have any corresponding permissions"); //$NON-NLS-1$ } } Assert.isTrue(!permissions.isEmpty(), "no permissions; see previous 'skipping privilege' messages"); return permissions; } protected void initMaps(final Session session) { new PentahoJcrConstants(session); permissionEnumToPrivilegeNamesMap = HashMultimap.create(); // READ permissionEnumToPrivilegeNamesMap.put(RepositoryFilePermission.READ, Privilege.JCR_READ); permissionEnumToPrivilegeNamesMap.put(RepositoryFilePermission.READ, Privilege.JCR_READ_ACCESS_CONTROL); // DELETE permissionEnumToPrivilegeNamesMap.put(RepositoryFilePermission.DELETE, Privilege.JCR_REMOVE_NODE); // WRITE permissionEnumToPrivilegeNamesMap.put(RepositoryFilePermission.WRITE, Privilege.JCR_ADD_CHILD_NODES); permissionEnumToPrivilegeNamesMap.put(RepositoryFilePermission.WRITE, Privilege.JCR_REMOVE_CHILD_NODES); permissionEnumToPrivilegeNamesMap.put(RepositoryFilePermission.WRITE, Privilege.JCR_VERSION_MANAGEMENT); permissionEnumToPrivilegeNamesMap.put(RepositoryFilePermission.WRITE, Privilege.JCR_LOCK_MANAGEMENT); permissionEnumToPrivilegeNamesMap.put(RepositoryFilePermission.WRITE, Privilege.JCR_MODIFY_PROPERTIES); permissionEnumToPrivilegeNamesMap.put(RepositoryFilePermission.WRITE, Privilege.JCR_NODE_TYPE_MANAGEMENT); permissionEnumToPrivilegeNamesMap.put(RepositoryFilePermission.WRITE, Privilege.JCR_MODIFY_ACCESS_CONTROL); // ACL_MANAGEMENT permissionEnumToPrivilegeNamesMap.put(RepositoryFilePermission.ACL_MANAGEMENT, IPentahoJCRPrivilege.PHO_ACLMANAGEMENT); // ALL permissionEnumToPrivilegeNamesMap.put(RepositoryFilePermission.ALL, Privilege.JCR_ALL); permissionEnumToPrivilegeNamesMap.put(RepositoryFilePermission.ALL, IPentahoJCRPrivilege.PHO_ACLMANAGEMENT); privilegeNameToPermissionEnumsMap = HashMultimap.create(); // JCR_READ + JCR_READ_ACCESS_CONTROL privilegeNameToPermissionEnumsMap.put(Privilege.JCR_READ, RepositoryFilePermission.READ); privilegeNameToPermissionEnumsMap.put(Privilege.JCR_READ_ACCESS_CONTROL, RepositoryFilePermission.READ); // JCR_REMOVE_NODE privilegeNameToPermissionEnumsMap.put(Privilege.JCR_REMOVE_NODE, RepositoryFilePermission.DELETE); // Custom Pentaho Permission privilegeNameToPermissionEnumsMap.put(IPentahoJCRPrivilege.PHO_ACLMANAGEMENT, RepositoryFilePermission.ACL_MANAGEMENT); // JCR_WRITE privilegeNameToPermissionEnumsMap.put(Privilege.JCR_ADD_CHILD_NODES, RepositoryFilePermission.WRITE); privilegeNameToPermissionEnumsMap.put(Privilege.JCR_REMOVE_CHILD_NODES, RepositoryFilePermission.WRITE); privilegeNameToPermissionEnumsMap.put(Privilege.JCR_VERSION_MANAGEMENT, RepositoryFilePermission.WRITE); privilegeNameToPermissionEnumsMap.put(Privilege.JCR_LOCK_MANAGEMENT, RepositoryFilePermission.WRITE); privilegeNameToPermissionEnumsMap.put(Privilege.JCR_MODIFY_PROPERTIES, RepositoryFilePermission.WRITE); privilegeNameToPermissionEnumsMap.put(Privilege.JCR_NODE_TYPE_MANAGEMENT, RepositoryFilePermission.WRITE); privilegeNameToPermissionEnumsMap.put(Privilege.JCR_MODIFY_ACCESS_CONTROL, RepositoryFilePermission.WRITE); // JCR_ALL privilegeNameToPermissionEnumsMap.put(Privilege.JCR_ALL, RepositoryFilePermission.ALL); privilegeNameToPermissionEnumsMap.put(IPentahoJCRPrivilege.PHO_ACLMANAGEMENT, RepositoryFilePermission.ALL); // None of the following translate into a RepositoryFilePermission: // JCR_RETENTION_MANAGEMENT // JCR_LIFECYCLE_MANAGEMENT } }