You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "Angela Schreiber (Jira)" <ji...@apache.org> on 2021/07/15 11:55:00 UTC
[jira] [Comment Edited] (OAK-9494) Check if a privilege is granted
at a node
[ https://issues.apache.org/jira/browse/OAK-9494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17381281#comment-17381281 ]
Angela Schreiber edited comment on OAK-9494 at 7/15/21, 11:54 AM:
------------------------------------------------------------------
[~joerghoh], thanks for reporting.... i agree that the fully qualified name constants are making it super-hard to compare sets of jcr names (like privilege names in this case). what should work though is comparing privileges themselves.... i.e. not looking at the names.
e.g. something like:
{code}
// TODO: if all aggregated privileges are required -> extract using Privilege.isAggregate() and Privilege.getAggregatedPrivileges()
Set<Privilege> privileges = ImmutableSet.copyOf(accessControlManger.getPrivileges(absPath));
Privilege readPrivilege = ....
boolean canRead = privileges.contains(readPrivilege);
{code}
and privilege can be access using ac-mgr or privilege manager (thanks for reminding me of that!):
{code}
readPrivilege = acMgr.privilegeFromName(Privilege.JCR_READ)
or
PrivilegeManager privilegeManager = ((JackrabbitWorkspace) session.getWorkspace()).getPrivilegeManager();
readPrivilege = privilegeManager.getPrivilege(Privilege.JCR_READ)
{code}
let me know if that works until we have complete this improvement.
btw: i believe that you want to check if a given privilege is granted at a particular node and not check if you can apply it..... applicable privileges for a given path are covered by a different API method: {{AccessControlManager.getSupportedPrivileges(String absPath)}} will return an array of privileges that can be used/applied at the given path....
was (Author: anchela):
[~joerghoh], thanks for reporting.... i agree that the fully qualified name constants are making it super-hard to compare sets of jcr names (like privilege names in this case). what should work though is comparing privileges themselves.... i.e. not looking at the names.
e.g. something like:
{code}
// TODO: if all aggregated privileges are required -> extract using Privilege.isAggregate() and Privilege.getAggregatedPrivileges()
Set<Privilege> privileges = ImmutableSet.copyOf(accessControlManger.getPrivileges(absPath));
PrivilegeManager privilegeManager = ((JackrabbitWorkspace) session.getWorkspace()).getPrivilegeManager();
boolean canRead = privileges.contains(privilegeManager.getPrivilege(Privilege.JCR_READ));
{code}
let me know if that works until we have complete this improvement.
> Check if a privilege is granted at a node
> -----------------------------------------
>
> Key: OAK-9494
> URL: https://issues.apache.org/jira/browse/OAK-9494
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: api, commons
> Reporter: Joerg Hoh
> Priority: Major
>
> I have a case where I need to check for a session if individual privileges are available for a specific node. For performance reasons I want to avoid to execute multiple calls to {{accessControlManager.hasPrivilege(...)}}, but get all Privileges of that node once and the set various flags based on the presene of certain privileges or not.
> I want to use something like this:
> {code}
> Set<String> applicablePrivilegeNames = ...(accessControlManager.getPrivileges(path))...
> boolean canAddChildNodes = applicablePrivilegeNames.contains(Privilege.JCR_ADD_CHILD_NODES);
> boolean canWrite = applicablePrivilegeNames.contains(Privilege.WRITE);
> {code}
> It should work with aggregates as well.
> Right now it's a bit problematic because {{privilege.getName()}} resolves to something like {{jcr:read}}, while the value of {{Privilege.JCR_READ}} is {{\{http://www.jcp.org/jcr/1.0}read}}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)