Xinwen Deng / aem-src

Cq62FormsContentUpgrade.java 5.48 KB
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 
/*
 * Decompiled with CFR 0_118.
 * 
 * Could not load the following classes:
 *  javax.jcr.RepositoryException
 *  javax.jcr.Session
 *  javax.jcr.security.AccessControlEntry
 *  javax.jcr.security.AccessControlManager
 *  javax.jcr.security.AccessControlPolicy
 *  javax.jcr.security.Privilege
 *  org.apache.jackrabbit.api.JackrabbitSession
 *  org.apache.jackrabbit.api.security.JackrabbitAccessControlList
 *  org.apache.jackrabbit.api.security.JackrabbitAccessControlManager
 *  org.apache.jackrabbit.api.security.principal.PrincipalManager
 *  org.apache.jackrabbit.api.security.user.Authorizable
 *  org.apache.jackrabbit.api.security.user.UserManager
 *  org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils
 *  org.apache.sling.jcr.base.util.AccessControlUtil
 *  org.slf4j.Logger
 *  org.slf4j.LoggerFactory
 */
package com.day.cq.compat.codeupgrade.impl.cq62;

import com.day.cq.compat.codeupgrade.internal.api.ProgressInfoProvider;
import java.security.Principal;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.sling.jcr.base.util.AccessControlUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class Cq62FormsContentUpgrade
implements ProgressInfoProvider {
    private final Logger log;
    private String progressInfo;
    private final String NODE_PATH = "/content/forms/af";

    public Cq62FormsContentUpgrade() {
        this.log = LoggerFactory.getLogger(this.getClass());
        this.NODE_PATH = "/content/forms/af";
    }

    @Override
    public String getProgressInfo() {
        return this.progressInfo;
    }

    void setProgressInfo(String info) {
        this.progressInfo = info;
        this.log.info(this.progressInfo);
    }

    public void doUpgrade(Session session) throws RepositoryException {
        try {
            if (session.nodeExists("/content/forms/af")) {
                this.setProgressInfo("/content/forms/af Exists : Reordering the ACEs");
                this.reorderACLs((JackrabbitSession)session, "/content/forms/af");
            } else {
                this.setProgressInfo("/content/forms/af : Node doesn't exist");
            }
        }
        catch (Exception e) {
            this.log.error("Exception in " + this.getClass().getSimpleName() + ".run()", (Throwable)e);
        }
    }

    private void reorderACLs(JackrabbitSession jackrabbitSession, String path) throws Exception {
        try {
            JackrabbitAccessControlManager acMgr = (JackrabbitAccessControlManager)jackrabbitSession.getAccessControlManager();
            JackrabbitAccessControlList acl = AccessControlUtils.getAccessControlList((AccessControlManager)acMgr, (String)path);
            if (acl != null) {
                this.setProgressInfo("ACL found, Reordering the ACEs");
                JackrabbitAccessControlList jacl = acl;
                AccessControlEntry[] accessControlEntries = jacl.getAccessControlEntries();
                AccessControlEntry srcAccessControlEntry = null;
                if (accessControlEntries != null) {
                    for (AccessControlEntry ace : accessControlEntries) {
                        if (!this.isRequiredACE(ace, acMgr, jackrabbitSession)) continue;
                        srcAccessControlEntry = ace;
                        this.setProgressInfo("Found deny:everyone ACE to be reordered");
                        break;
                    }
                }
                if (srcAccessControlEntry != null) {
                    jacl.orderBefore(srcAccessControlEntry, accessControlEntries[0]);
                    acMgr.setPolicy(path, (AccessControlPolicy)jacl);
                    jackrabbitSession.save();
                    this.setProgressInfo("Reordering of ACEs done");
                } else {
                    this.setProgressInfo("No ACE found with deny:everyone and modifyProperties as privilege, making no changes");
                }
            } else {
                this.setProgressInfo("No ACL was found, Not re-ordering the ACEs");
            }
        }
        catch (Exception e) {
            this.log.error("Exception in updating ACL", (Throwable)e);
            throw e;
        }
    }

    private boolean isRequiredACE(AccessControlEntry ace, JackrabbitAccessControlManager acMgr, JackrabbitSession jackrabbitSession) throws Exception {
        UserManager userManager = AccessControlUtil.getUserManager((Session)jackrabbitSession);
        Authorizable everyoneAuthorizable = userManager.getAuthorizable(jackrabbitSession.getPrincipalManager().getEveryone());
        if (ace != null && !AccessControlUtil.isAllow((AccessControlEntry)ace) && ace.getPrincipal().equals(everyoneAuthorizable.getPrincipal()) && ace.getPrivileges().length == 1 && ace.getPrivileges()[0].getName().equals(acMgr.privilegeFromName("{http://www.jcp.org/jcr/1.0}modifyProperties").getName())) {
            return true;
        }
        return false;
    }
}