Package org.apache.sling.jcr.jackrabbit.accessmanager

Class PrivilegesInfo

java.lang.Object
org.apache.sling.jcr.jackrabbit.accessmanager.PrivilegesInfo
public class PrivilegesInfo extends Object
Helper class to assist in the usage of access control from scripts.

  • Constructor Details

    • PrivilegesInfo

      public PrivilegesInfo()

  • Method Details

    • getSupportedPrivileges

      public javax.jcr.security.Privilege[] getSupportedPrivileges(javax.jcr.Node node) throws javax.jcr.RepositoryException
      Return the supported Privileges for the specified node.
      Parameters:
      node - the node to check
      Returns:
      array of Privileges
      Throws:
      javax.jcr.RepositoryException - if any errors reading the information

    • getSupportedPrivileges

      public javax.jcr.security.Privilege[] getSupportedPrivileges(javax.jcr.Session session, String absPath) throws javax.jcr.RepositoryException
      Returns the supported privileges for the specified path.
      Parameters:
      session - the session for the current user
      absPath - the path to get the privileges for
      Returns:
      array of Privileges
      Throws:
      javax.jcr.RepositoryException - if any errors reading the information

    • getDeclaredAccessRights

      public Map<Principal,PrivilegesInfo.AccessRights> getDeclaredAccessRights(javax.jcr.Node node) throws javax.jcr.RepositoryException
      Returns the mapping of declared access rights that have been set for the resource at the given path.
      Parameters:
      node - the node to get the access rights for
      Returns:
      map of access rights. Key is the user/group principal, value contains the granted/denied privileges
      Throws:
      javax.jcr.RepositoryException - if any errors reading the information

    • getDeclaredAccessRights

      public Map<Principal,PrivilegesInfo.AccessRights> getDeclaredAccessRights(javax.jcr.Session session, String absPath) throws javax.jcr.RepositoryException
      Returns the mapping of declared access rights that have been set for the resource at the given path.
      Parameters:
      session - the current user session.
      absPath - the path of the resource to get the access rights for
      Returns:
      map of access rights. Key is the user/group principal, value contains the granted/denied privileges
      Throws:
      javax.jcr.RepositoryException - if any errors reading the information

    • toMap

      protected Map<Principal,PrivilegesInfo.AccessRights> toMap(javax.jcr.Session session, jakarta.json.JsonObject aclJson) throws javax.jcr.RepositoryException
      Convert the JSON acl to a map of Principal to AccessRights
      Parameters:
      session - the jcr session
      aclJson - the acl JSON object
      Returns:
      map of Principal to AccessRights
      Throws:
      javax.jcr.RepositoryException

    • getDeclaredAccessRightsForPrincipal

      public PrivilegesInfo.AccessRights getDeclaredAccessRightsForPrincipal(javax.jcr.Node node, String principalId) throws javax.jcr.RepositoryException
      Returns the declared access rights for the specified Node for the given principalId.
      Parameters:
      node - the JCR node to retrieve the access rights for
      principalId - the principalId to get the access rights for
      Returns:
      access rights for the specified principal
      Throws:
      javax.jcr.RepositoryException - if any errors reading the information

    • getDeclaredAccessRightsForPrincipal

      public PrivilegesInfo.AccessRights getDeclaredAccessRightsForPrincipal(javax.jcr.Session session, String absPath, String principalId) throws javax.jcr.RepositoryException
      Returns the declared access rights for the resource at the specified path for the given principalId.
      Parameters:
      session - the current JCR session
      absPath - the path of the resource to retrieve the rights for
      principalId - the principalId to get the access rights for
      Returns:
      access rights for the specified principal
      Throws:
      javax.jcr.RepositoryException - if any errors reading the information

    • getDeclaredRestrictionsForPrincipal

      @Deprecated public Map<String,Object> getDeclaredRestrictionsForPrincipal(javax.jcr.Node node, String principalId) throws javax.jcr.RepositoryException
      Deprecated.
      don't use this as it assumes that all the privileges have the same restrictions which may not be true
      Returns the restrictions for the specified path.
      Parameters:
      node - the node to inspect
      principalId - the principalId to get the access rights for
      Returns:
      map of restrictions (key is restriction name, value is Value or Value[])
      Throws:
      javax.jcr.RepositoryException - if any errors reading the information

    • getDeclaredRestrictionsForPrincipal

      @Deprecated public Map<String,Object> getDeclaredRestrictionsForPrincipal(javax.jcr.Session session, String absPath, String principalId) throws javax.jcr.RepositoryException
      Deprecated.
      don't use this as it assumes that all the privileges have the same restrictions which may not be true
      Returns the restrictions for the specified path.
      Parameters:
      session - the session for the current user
      absPath - the path to get the privileges for
      principalId - the principalId to get the access rights for
      Returns:
      map of restrictions (key is restriction name, value is Value or Value[])
      Throws:
      javax.jcr.RepositoryException - if any errors reading the information

    • getEffectiveAccessRights

      public Map<Principal,PrivilegesInfo.AccessRights> getEffectiveAccessRights(javax.jcr.Node node) throws javax.jcr.RepositoryException
      Returns the mapping of effective access rights that have been set for the resource at the given path.
      Parameters:
      node - the node to get the access rights for
      Returns:
      map of access rights. Key is the user/group principal, value contains the granted/denied privileges
      Throws:
      javax.jcr.RepositoryException - if any errors reading the information

    • getEffectiveAccessRights

      public Map<Principal,PrivilegesInfo.AccessRights> getEffectiveAccessRights(javax.jcr.Session session, String absPath) throws javax.jcr.RepositoryException
      Returns the mapping of effective access rights that have been set for the resource at the given path.
      Parameters:
      session - the current user session.
      absPath - the path of the resource to get the access rights for
      Returns:
      map of access rights. Key is the user/group principal, value contains the granted/denied privileges
      Throws:
      javax.jcr.RepositoryException - if any errors reading the information

    • getEffectiveAccessRightsForPrincipal

      public PrivilegesInfo.AccessRights getEffectiveAccessRightsForPrincipal(javax.jcr.Node node, String principalId) throws javax.jcr.RepositoryException
      Returns the effective access rights for the specified Node for the given principalId.
      Parameters:
      node - the JCR node to retrieve the access rights for
      principalId - the principalId to get the access rights for
      Returns:
      access rights for the specified principal
      Throws:
      javax.jcr.RepositoryException - if any errors reading the information

    • getEffectiveAccessRightsForPrincipal

      public PrivilegesInfo.AccessRights getEffectiveAccessRightsForPrincipal(javax.jcr.Session session, String absPath, String principalId) throws javax.jcr.RepositoryException
      Returns the effective access rights for the resource at the specified path for the given principalId.
      Parameters:
      session - the current JCR session
      absPath - the path of the resource to retrieve the rights for
      principalId - the principalId to get the access rights for
      Returns:
      access rights for the specified principal
      Throws:
      javax.jcr.RepositoryException - if any errors reading the information

    • canAddChildren

      public boolean canAddChildren(javax.jcr.Node node)
      Checks whether the current user has been granted privileges to add children to the specified node.
      Parameters:
      node - the node to check
      Returns:
      true if the current user has the privileges, false otherwise

    • canAddChildren

      public boolean canAddChildren(javax.jcr.Session session, String absPath)
      Checks whether the current user has been granted privileges to add children to the specified path.
      Parameters:
      session - the JCR session of the current user
      absPath - the path of the resource to check
      Returns:
      true if the current user has the privileges, false otherwise

    • canDeleteChildren

      public boolean canDeleteChildren(javax.jcr.Node node)
      Checks whether the current user has been granted privileges to delete children to the specified node.
      Parameters:
      node - the node to check
      Returns:
      true if the current user has the privileges, false otherwise

    • canDeleteChildren

      public boolean canDeleteChildren(javax.jcr.Session session, String absPath)
      Checks whether the current user has been granted privileges to delete children of the specified path.
      Parameters:
      session - the JCR session of the current user
      absPath - the path of the resource to check
      Returns:
      true if the current user has the privileges, false otherwise

    • canDelete

      public boolean canDelete(javax.jcr.Node node)
      Checks whether the current user has been granted privileges to delete the specified node.
      Parameters:
      node - the node to check
      Returns:
      true if the current user has the privileges, false otherwise

    • canDelete

      public boolean canDelete(javax.jcr.Session session, String absPath)
      Checks whether the current user has been granted privileges to delete the specified path.
      Parameters:
      session - the JCR session of the current user
      absPath - the path of the resource to check
      Returns:
      true if the current user has the privileges, false otherwise

    • canModifyProperties

      public boolean canModifyProperties(javax.jcr.Node node)
      Checks whether the current user has been granted privileges to modify properties of the specified node.
      Parameters:
      node - the node to check
      Returns:
      true if the current user has the privileges, false otherwise

    • canModifyProperties

      public boolean canModifyProperties(javax.jcr.Session session, String absPath)
      Checks whether the current user has been granted privileges to modify properties of the specified path.
      Parameters:
      session - the JCR session of the current user
      absPath - the path of the resource to check
      Returns:
      true if the current user has the privileges, false otherwise

    • canReadAccessControl

      public boolean canReadAccessControl(javax.jcr.Node node)
      Checks whether the current user has been granted privileges to read the access control of the specified node.
      Parameters:
      node - the node to check
      Returns:
      true if the current user has the privileges, false otherwise

    • canReadAccessControl

      public boolean canReadAccessControl(javax.jcr.Session session, String absPath)
      Checks whether the current user has been granted privileges to read the access control of the specified path.
      Parameters:
      session - the JCR session of the current user
      absPath - the path of the resource to check
      Returns:
      true if the current user has the privileges, false otherwise

    • canModifyAccessControl

      public boolean canModifyAccessControl(javax.jcr.Node node)
      Checks whether the current user has been granted privileges to modify the access control of the specified node.
      Parameters:
      node - the node to check
      Returns:
      true if the current user has the privileges, false otherwise

    • canModifyAccessControl

      public boolean canModifyAccessControl(javax.jcr.Session session, String absPath)
      Checks whether the current user has been granted privileges to modify the access control of the specified path.
      Parameters:
      session - the JCR session of the current user
      absPath - the path of the resource to check
      Returns:
      true if the current user has the privileges, false otherwise