oak-core/src/main/java/org/apache/jackrabbit/oak/security/user/Utils.java - jackrabbit-oak - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.jackrabbit.oak.security.user;

 import org.apache.jackrabbit.api.security.user.Authorizable;
 import org.apache.jackrabbit.api.security.user.User;
 import org.apache.jackrabbit.oak.api.Root;
 import org.apache.jackrabbit.oak.api.Tree;
 import org.apache.jackrabbit.oak.commons.PathUtils;
 import org.apache.jackrabbit.oak.plugins.tree.TreeAware;
 import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
 import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
 import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
 import org.apache.jackrabbit.oak.spi.security.user.util.UserUtil;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;

 import javax.jcr.AccessDeniedException;
 import javax.jcr.RepositoryException;

 final class Utils {

     private Utils() {}

     /**
      * Create the tree at the specified relative path including all missing
      * intermediate trees using the specified {@code primaryTypeName}. This
      * method treats ".." parent element and "." as current element and
      * resolves them accordingly; in case of a relative path containing parent
      * elements this may lead to tree creating outside the tree structure
      * defined by the given {@code Tree}.
      *
      * @param relativePath    A relative OAK path that may contain parent and
      *                        current elements.
      * @param primaryTypeName A oak name of a primary node type that is used
      *                        to create the missing trees.
      * @return The node util of the tree at the specified {@code relativePath}.
      * @throws AccessDeniedException If the any intermediate tree does not exist
      *                               and cannot be created.
      */
     @NotNull
     static Tree getOrAddTree(@NotNull Tree tree, @NotNull String relativePath, @NotNull String primaryTypeName) throws AccessDeniedException {
         if (PathUtils.denotesCurrent(relativePath)) {
             return tree;
         } else if (PathUtils.denotesParent(relativePath)) {
             return tree.getParent();
         } else if (relativePath.indexOf('/') == -1) {
             return TreeUtil.getOrAddChild(tree, relativePath, primaryTypeName);
         } else {
             for (String element : PathUtils.elements(relativePath)) {
                 if (PathUtils.denotesParent(element)) {
                     tree = tree.getParent();
                 } else if (!PathUtils.denotesCurrent(element)) {
                     tree = TreeUtil.getOrAddChild(tree, element, primaryTypeName);
                 }  // else . -> skip to next element
             }
             return tree;
         }
     }

     static boolean canHavePasswordExpired(@NotNull String userId, @NotNull ConfigurationParameters config) {
         return !UserUtil.isAdmin(config, userId) || config.getConfigValue(UserAuthentication.PARAM_PASSWORD_EXPIRY_FOR_ADMIN, false);
     }

     static boolean canHavePasswordExpired(@NotNull User user, @NotNull ConfigurationParameters config) {
         return !user.isAdmin() || config.getConfigValue(UserAuthentication.PARAM_PASSWORD_EXPIRY_FOR_ADMIN, false);
     }

     static boolean isEveryone(@NotNull Authorizable authorizable) {
         return authorizable.isGroup() && EveryonePrincipal.NAME.equals(getPrincipalName(authorizable));
     }

     @Nullable
     private static String getPrincipalName(@NotNull Authorizable authorizable) {
         if (authorizable instanceof AuthorizableImpl) {
             return ((AuthorizableImpl) authorizable).getPrincipalNameOrNull();
         } else {
             try {
                 return authorizable.getPrincipal().getName();
             } catch (RepositoryException e) {
                 return null;
             }
         }
     }

     @Nullable
     static String getIdOrNull(@NotNull Authorizable authorizable) {
         try {
             return authorizable.getID();
         } catch (RepositoryException e) {
             return null;
         }
     }

     @NotNull
     static Tree getTree(@NotNull Authorizable authorizable, @NotNull Root root) throws RepositoryException {
         if (authorizable instanceof TreeAware) {
             return ((TreeAware) authorizable).getTree();
         } else {
             return root.getTree(authorizable.getPath());
         }
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.jackrabbit.oak.security.user;

	import org.apache.jackrabbit.api.security.user.Authorizable;
	import org.apache.jackrabbit.api.security.user.User;
	import org.apache.jackrabbit.oak.api.Root;
	import org.apache.jackrabbit.oak.api.Tree;
	import org.apache.jackrabbit.oak.commons.PathUtils;
	import org.apache.jackrabbit.oak.plugins.tree.TreeAware;
	import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
	import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
	import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
	import org.apache.jackrabbit.oak.spi.security.user.util.UserUtil;
	import org.jetbrains.annotations.NotNull;
	import org.jetbrains.annotations.Nullable;

	import javax.jcr.AccessDeniedException;
	import javax.jcr.RepositoryException;

	final class Utils {

	private Utils() {}

	/**
	* Create the tree at the specified relative path including all missing
	* intermediate trees using the specified {@code primaryTypeName}. This
	* method treats ".." parent element and "." as current element and
	* resolves them accordingly; in case of a relative path containing parent
	* elements this may lead to tree creating outside the tree structure
	* defined by the given {@code Tree}.
	*
	* @param relativePath A relative OAK path that may contain parent and
	* current elements.
	* @param primaryTypeName A oak name of a primary node type that is used
	* to create the missing trees.
	* @return The node util of the tree at the specified {@code relativePath}.
	* @throws AccessDeniedException If the any intermediate tree does not exist
	* and cannot be created.
	*/
	@NotNull
	static Tree getOrAddTree(@NotNull Tree tree, @NotNull String relativePath, @NotNull String primaryTypeName) throws AccessDeniedException {
	if (PathUtils.denotesCurrent(relativePath)) {
	return tree;
	} else if (PathUtils.denotesParent(relativePath)) {
	return tree.getParent();
	} else if (relativePath.indexOf('/') == -1) {
	return TreeUtil.getOrAddChild(tree, relativePath, primaryTypeName);
	} else {
	for (String element : PathUtils.elements(relativePath)) {
	if (PathUtils.denotesParent(element)) {
	tree = tree.getParent();
	} else if (!PathUtils.denotesCurrent(element)) {
	tree = TreeUtil.getOrAddChild(tree, element, primaryTypeName);
	} // else . -> skip to next element
	}
	return tree;
	}
	}

	static boolean canHavePasswordExpired(@NotNull String userId, @NotNull ConfigurationParameters config) {
	return !UserUtil.isAdmin(config, userId) \|\| config.getConfigValue(UserAuthentication.PARAM_PASSWORD_EXPIRY_FOR_ADMIN, false);
	}

	static boolean canHavePasswordExpired(@NotNull User user, @NotNull ConfigurationParameters config) {
	return !user.isAdmin() \|\| config.getConfigValue(UserAuthentication.PARAM_PASSWORD_EXPIRY_FOR_ADMIN, false);
	}

	static boolean isEveryone(@NotNull Authorizable authorizable) {
	return authorizable.isGroup() && EveryonePrincipal.NAME.equals(getPrincipalName(authorizable));
	}

	@Nullable
	private static String getPrincipalName(@NotNull Authorizable authorizable) {
	if (authorizable instanceof AuthorizableImpl) {
	return ((AuthorizableImpl) authorizable).getPrincipalNameOrNull();
	} else {
	try {
	return authorizable.getPrincipal().getName();
	} catch (RepositoryException e) {
	return null;
	}
	}
	}

	@Nullable
	static String getIdOrNull(@NotNull Authorizable authorizable) {
	try {
	return authorizable.getID();
	} catch (RepositoryException e) {
	return null;
	}
	}

	@NotNull
	static Tree getTree(@NotNull Authorizable authorizable, @NotNull Root root) throws RepositoryException {
	if (authorizable instanceof TreeAware) {
	return ((TreeAware) authorizable).getTree();
	} else {
	return root.getTree(authorizable.getPath());
	}
	}
	}