To implement a custom metadata-based permission provider, you can follow this article. One issue I faced during this implementation was that version access was not working. To fix this, modify the methods below:
    @Override
    public TreePermission getTreePermission(Tree tree, TreePermission parentPermission) {
        if (PermissionHelpers.isDamPath(tree) || PermissionHelpers.isDamAncestorPath(tree)) {
            if (PermissionHelpers.findAncestorAsset(tree) != null) {
                return PermissionHelpers.isAncestorAssetOwner(tree, principalNames) ?
                        TreePermission.ALL : parentPermission;
            } else {
                return new EmptyAssetMetadataTreePermission(tree, TreeType.DEFAULT, this);
            }
        } else if (tree.getPath().startsWith("/" + JcrConstants.JCR_SYSTEM)) {
            // This condition was added to allow access to version paths.
            // This is example code only: it returns ALL for everything under /jcr:system,
            // so narrow this condition before you use it.
            return TreePermission.ALL;
        }
        return TreePermission.NO_RECOURSE;
    }
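The comment in the method above says the `/jcr:system` condition should be tightened before use. As an added example (not code from the original post or from Oak), this standalone Java class compares that prefix test with a segment-aware check limited to the version store. The class and method names and the sample paths are hypothetical, and limiting the rule to `/jcr:system/jcr:versionStorage` is an assumption about what the version fix needs.

```java
import java.util.List;

public class SystemPathScope {
    enum Scope { INSIDE, ANCESTOR, OUTSIDE }

    // Same value as Oak's VersionConstants.VERSION_STORE_PATH.
    static final String VERSION_STORE = "/jcr:system/jcr:versionStorage";

    // The prefix test as written in getTreePermission above.
    static boolean broadMatch(String path) {
        return path.startsWith("/jcr:system");
    }

    // Hypothetical helper: classify a path relative to the version store,
    // comparing on path-segment boundaries instead of raw string prefixes.
    static Scope classify(String path) {
        if (path.equals(VERSION_STORE) || path.startsWith(VERSION_STORE + "/")) {
            return Scope.INSIDE;      // the version store itself or a descendant
        }
        if (path.equals("/") || VERSION_STORE.startsWith(path + "/")) {
            return Scope.ANCESTOR;    // "/" or "/jcr:system": on the way down only
        }
        return Scope.OUTSIDE;         // everything else, including the rest of /jcr:system
    }

    public static void main(String[] args) {
        // Constructed sample paths, not taken from a real repository.
        List<String> samples = List.of(
                "/jcr:system/jcr:versionStorage/ab/cd/ef/1.0/jcr:frozenNode",
                "/jcr:system/jcr:versionStorage",
                "/jcr:system",
                "/jcr:system/jcr:nodeTypes/dam:Asset",
                "/jcr:system/rep:privileges",
                "/jcr:systemcopy/data",
                "/jcr:system/jcr:versionStorageX/data",
                "/content/dam/site/asset.png");
        for (String p : samples) {
            System.out.printf("%-62s broad=%-5b scoped=%s%n",
                    p, broadMatch(p), classify(p));
        }
    }
}
```

The output shows that the prefix test also matches node type and privilege definitions and the look-alike sibling `/jcr:systemcopy`, while the scoped check reports only the version store as `INSIDE`.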
The second method to modify:
    @Override
    public boolean isGranted(Tree tree, PropertyState property, long permissions) {
        TreeType type = treeTypeProvider.getType(tree);
        switch (type) {
            case HIDDEN:
                return true;
            case VERSION:
                Tree evalTree = getEvaluationTree(tree);
                if (evalTree == null) {
                    return false;
                }
                if (evalTree.exists()) {
                    return internalIsGranted(evalTree, property, permissions);
                } else {
                    return false;
                }
            case INTERNAL:
                return false;
            default:
                return internalIsGranted(tree, property, permissions);
        }
    }
The core logic that tests the metadata conditions for the business requirement lives in the private method below, which is called from the isGranted method above.
    private boolean internalIsGranted(@NotNull Tree tree, @Nullable PropertyState property,
                                      long permissions) {
        boolean answer = false;
        if (PermissionHelpers.isAncestorAssetOwner(tree, principalNames)) {
            answer = true;
        }
        if (property != null) {
            LOG.debug("isGranted: {}@{} ({}) = {}", tree.getPath(), property.getName(),
                    permissions, answer);
        } else {
            LOG.debug("isGranted: {} ({}) = {}", tree.getPath(), permissions, answer);
        }
        return answer;
    }
PermissionHelpers here is a general utility class like below: