Class ModifyAceServlet
- java.lang.Object
-
- javax.servlet.GenericServlet
-
- org.apache.sling.api.servlets.SlingSafeMethodsServlet
-
- org.apache.sling.api.servlets.SlingAllMethodsServlet
-
- org.apache.sling.jcr.jackrabbit.accessmanager.post.AbstractAccessServlet
-
- org.apache.sling.jcr.jackrabbit.accessmanager.post.AbstractAccessPostServlet
-
- org.apache.sling.jcr.jackrabbit.accessmanager.post.ModifyAceServlet
-
- All Implemented Interfaces:
Serializable,javax.servlet.Servlet,javax.servlet.ServletConfig,ModifyAce
- Direct Known Subclasses:
ModifyPrincipalAceServlet
public class ModifyAceServlet extends AbstractAccessPostServlet implements ModifyAce
Sling Post Servlet implementation for modifying the ACEs for a principal on a JCR resource.
Rest Service Description
Modify a principal's ACEs for the node identified as a resource by the request URL >resource<.modifyAce.html
Transport Details:
Methods
- POST
Post Parameters
- principalId
- The principal of the ACEs to modify in the ACL specified by the path.
- privilege@[privilege_name]
- One or more privileges which will be applied to the ACE. Any permissions that are present in an existing ACE for the principal but not in the request are left untouched. The parameter value must be either 'allow', 'deny' or 'all'. For backward compatibility, 'granted' or 'denied' may also be used for the parameter value as an alias for 'allow' or 'deny'.
- restriction@[restriction_name]
- One or more restrictions which will be applied to the ACE. The value is the target value of the restriction to be set.
- restriction@[restriction_name]@Delete
- One or more restrictions which will be removed from the ACE
- privilege@[privilege_name]@Delete
- One param for each privilege to delete. The parameter value must be either 'allow', 'deny' or 'all' to specify which state to delete from
- restriction@[privilege_name]@[restriction_name]@Allow
- restriction@[privilege_name]@[restriction_name]@Deny
- One param for each restriction value. The same parameter name may be used again for multi-value restrictions. The @Allow or @Deny suffix specifies whether to apply the restriction to the 'allow' or 'deny' privilege. The value is the target value of the restriction to be set.
- restriction@[privilege_name]@[restriction_name]@Delete
- One param for each restriction to delete. The parameter value must be either 'allow', 'deny' or 'all' to specify which state to delete from.
Response
- 200
- Success.
- 404
- The resource was not found.
- 500
- Failure. HTML explains the failure.
Notes
The principalId is assumed to refer directly to an Authorizable, that comes direct from the UserManager. This can be a group or a user, but if its a group, denied permissions will not be added to the group. The group will only contain granted privileges.
- See Also:
- Serialized Form
-
-
Constructor Summary
Constructors Constructor Description ModifyAceServlet()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected voidaddAces(@NotNull String resourcePath, @NotNull Principal principal, @NotNull Map<Set<LocalRestriction>,List<LocalPrivilege>> restrictionsToLocalPrivilegesMap, boolean isAllow, @NotNull org.apache.jackrabbit.api.security.JackrabbitAccessControlList acl, Map<javax.jcr.security.Privilege,Integer> privilegeLongestDepthMap)Add ACEs for the specified principal to the ACL.protected voidapplyPrivilegeAndRestrictions(@NotNull Map<javax.jcr.security.Privilege,LocalPrivilege> privilegeToLocalPrivilegesMap, @NotNull javax.jcr.security.Privilege p, boolean allow, @NotNull Set<LocalRestriction> allowRestrictions, boolean deny, @NotNull Set<LocalRestriction> denyRestrictions)Apply the privilege and restrictions to the local privilegesprotected @NotNull Map<String,org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition>buildRestrictionNameToDefinitionMap(@NotNull String resourcePath)Calculate a map of restriction names to the restriction definitionprotected org.apache.jackrabbit.api.security.JackrabbitAccessControlListgetAcl(@NotNull javax.jcr.security.AccessControlManager acm, String resourcePath, Principal principal)Lookup the ACL for the given resourceprotected @Nullable org.apache.jackrabbit.api.security.JackrabbitAccessControlEntrygetJackrabbitAccessControlEntry(@NotNull javax.jcr.security.AccessControlEntry entry, @NotNull String resourcePath, @NotNull Principal forPrincipal)protected @NotNull Map<String,Matcher>getMatchedRequestParameterNames(@NotNull org.apache.sling.api.SlingHttpServletRequest request, @NotNull Pattern pattern)Helper to return a filtered list of parameter names that match the patternprotected voidhandleOperation(org.apache.sling.api.SlingHttpServletRequest request, org.apache.sling.servlets.post.PostResponse response, List<org.apache.sling.servlets.post.Modification> changes)Extending Servlet should implement this operation to do the workprotected @NotNull Map<javax.jcr.security.Privilege,LocalPrivilege>loadStoredAce(@NotNull javax.jcr.security.AccessControlManager acm, @NotNull String resourcePath, @NotNull Principal forPrincipal, @NotNull Map<String,org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition> srMap)Loads the state for the currently stored ACE for the specified principal.voidmodifyAce(javax.jcr.Session jcrSession, String resourcePath, String principalId, Collection<LocalPrivilege> localPrivileges, String order, boolean autoSave)Add or modify the access control entry for the specified user or group.protected voidmodifyAce(javax.jcr.Session jcrSession, String resourcePath, String principalId, Collection<LocalPrivilege> localPrivileges, String order, boolean autoSave, List<org.apache.sling.servlets.post.Modification> changes)voidmodifyAce(javax.jcr.Session jcrSession, String resourcePath, String principalId, Map<String,String> privileges, String order)Add or modify the access control entry for the specified user or group.voidmodifyAce(javax.jcr.Session jcrSession, String resourcePath, String principalId, Map<String,String> privileges, String order, boolean autoSave)Add or modify the access control entry for the specified user or group.voidmodifyAce(javax.jcr.Session jcrSession, String resourcePath, String principalId, Map<String,String> privileges, String order, Map<String,javax.jcr.Value> restrictions, Map<String,javax.jcr.Value[]> mvRestrictions, Set<String> removeRestrictionNames)Add or modify the access control entry for the specified user or group.voidmodifyAce(javax.jcr.Session jcrSession, String resourcePath, String principalId, Map<String,String> privileges, String order, Map<String,javax.jcr.Value> restrictions, Map<String,javax.jcr.Value[]> mvRestrictions, Set<String> removeRestrictionNames, boolean autoSave)Add or modify the access control entry for the specified user or group.protected voidmodifyAce(javax.jcr.Session jcrSession, String resourcePath, String principalId, Map<String,String> privileges, String order, Map<String,javax.jcr.Value> restrictions, Map<String,javax.jcr.Value[]> mvRestrictions, Set<String> removeRestrictionNames, boolean autoSave, List<org.apache.sling.servlets.post.Modification> changes)protected Set<LocalRestriction>postedRestrictionsForPrivilege(@NotNull org.apache.sling.api.SlingHttpServletRequest request, @NotNull Map<String,org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition> srMap, @NotNull javax.jcr.security.Privilege forPrivilege, @NotNull org.apache.sling.jcr.jackrabbit.accessmanager.post.ModifyAceServlet.PrivilegeValues forAllowOrDeny, @NotNull Set<LocalRestriction> generalRestrictions)Populate the restrictions that that were posted and applicable to the requested privilegeprotected voidprocessPostedPrivilegeAndRestrictionParams(@NotNull javax.jcr.security.AccessControlManager acm, @NotNull org.apache.sling.api.SlingHttpServletRequest request, @NotNull Map<String,org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition> srMap, @NotNull Map<javax.jcr.security.Privilege,LocalPrivilege> privilegeToLocalPrivilegesMap, @NotNull Map<javax.jcr.security.Privilege,Integer> privilegeLongestDepthMap)Merge into the privilegeToLocalPrivilegesMap the changes requested in privilege and restriction request parameters.protected voidprocessPostedPrivilegeDeleteParams(@NotNull javax.jcr.security.AccessControlManager acm, @NotNull org.apache.sling.api.SlingHttpServletRequest request, @NotNull Map<javax.jcr.security.Privilege,LocalPrivilege> privilegeToLocalPrivilegesMap)Merge into the privilegeToLocalPrivilegesMap the changes requested in privilege delete request parameters.protected voidprocessPostedRestrictionDeleteParams(@NotNull javax.jcr.security.AccessControlManager acm, @NotNull org.apache.sling.api.SlingHttpServletRequest request, @NotNull Map<String,org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition> srMap, @NotNull Map<javax.jcr.security.Privilege,LocalPrivilege> privilegeToLocalPrivilegesMap)Merge into the privilegeToLocalPrivilegesMap the changes requested in restriction delete request parameters.protected StringremoveAces(@NotNull String resourcePath, @Nullable String order, @NotNull Principal principal, @NotNull org.apache.jackrabbit.api.security.JackrabbitAccessControlList acl)Remove all of the ACEs for the specified principal from the ACLprotected LocalRestrictiontoLocalRestriction(@NotNull org.apache.sling.api.SlingHttpServletRequest request, @NotNull Map<String,org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition> srMap, @NotNull String restrictionName, @NotNull String paramName)Construct a LocalRestriction using data a request parameterprotected @NotNull PrincipalvalidateArgs(javax.jcr.Session jcrSession, String resourcePath, String principalId)Verify that the user supplied arguments are valid-
Methods inherited from class org.apache.sling.jcr.jackrabbit.accessmanager.post.AbstractAccessPostServlet
allowNonExistingPaths, bindPostResponseCreator, createHtmlResponse, doPost, externalizePath, getAccessControlList, getAccessControlListOrNull, getItemPath, getParentPath, getRedirectUrl, getRedirectUrl, handleOperation, isSetStatus, unbindPostResponseCreator, validateResourcePath
-
Methods inherited from class org.apache.sling.jcr.jackrabbit.accessmanager.post.AbstractAccessServlet
bindRestrictionProvider, getRestrictionProvider, unbindRestrictionProvider
-
Methods inherited from class org.apache.sling.api.servlets.SlingAllMethodsServlet
doDelete, doPut, getAllowedRequestMethods, isMethodValid, mayService
-
Methods inherited from class org.apache.sling.api.servlets.SlingSafeMethodsServlet
doGeneric, doGet, doHead, doOptions, doTrace, getServletInfo, handleMethodNotImplemented, service, service
-
-
-
-
Method Detail
-
handleOperation
protected void handleOperation(org.apache.sling.api.SlingHttpServletRequest request, org.apache.sling.servlets.post.PostResponse response, List<org.apache.sling.servlets.post.Modification> changes) throws javax.jcr.RepositoryExceptionDescription copied from class:AbstractAccessPostServletExtending Servlet should implement this operation to do the work- Specified by:
handleOperationin classAbstractAccessPostServlet- Parameters:
request- the sling http request to processresponse- the responsechanges- the changes to report- Throws:
javax.jcr.RepositoryException- if any errors applying the changes
-
validateArgs
@NotNull protected @NotNull Principal validateArgs(javax.jcr.Session jcrSession, String resourcePath, String principalId) throws javax.jcr.RepositoryException
Verify that the user supplied arguments are valid- Parameters:
jcrSession- the JCR sessionresourcePath- the resource pathprincipalId- the principal id- Returns:
- the principal for the requested principalId
- Throws:
javax.jcr.RepositoryException
-
buildRestrictionNameToDefinitionMap
@NotNull protected @NotNull Map<String,org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition> buildRestrictionNameToDefinitionMap(@NotNull @NotNull String resourcePath)
Calculate a map of restriction names to the restriction definition- Parameters:
resourcePath- the path of the resource- Returns:
- map of restriction names to definition
-
loadStoredAce
@NotNull protected @NotNull Map<javax.jcr.security.Privilege,LocalPrivilege> loadStoredAce(@NotNull @NotNull javax.jcr.security.AccessControlManager acm, @NotNull @NotNull String resourcePath, @NotNull @NotNull Principal forPrincipal, @NotNull @NotNull Map<String,org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition> srMap) throws javax.jcr.RepositoryException
Loads the state for the currently stored ACE for the specified principal. The state for any aggregate privilege is expanded to make it easier to merge changes.- Parameters:
acm- the access control managerresourcePath- the resource pathforPrincipal- the principal to load the ace forsrMap- map of restriction names to the restriction definition- Returns:
- the privileges from the ace as a map where the key is the privilege and the value is the LocalPrivilege that encapsulates the state
- Throws:
javax.jcr.RepositoryException
-
getJackrabbitAccessControlEntry
@Nullable protected @Nullable org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry getJackrabbitAccessControlEntry(@NotNull @NotNull javax.jcr.security.AccessControlEntry entry, @NotNull @NotNull String resourcePath, @NotNull @NotNull Principal forPrincipal)
-
getMatchedRequestParameterNames
@NotNull protected @NotNull Map<String,Matcher> getMatchedRequestParameterNames(@NotNull @NotNull org.apache.sling.api.SlingHttpServletRequest request, @NotNull @NotNull Pattern pattern)
Helper to return a filtered list of parameter names that match the pattern- Parameters:
request- the current requestpattern- the regex pattern to match- Returns:
- map of parameter names to Matcher that match the pattern
-
processPostedPrivilegeDeleteParams
protected void processPostedPrivilegeDeleteParams(@NotNull @NotNull javax.jcr.security.AccessControlManager acm, @NotNull @NotNull org.apache.sling.api.SlingHttpServletRequest request, @NotNull @NotNull Map<javax.jcr.security.Privilege,LocalPrivilege> privilegeToLocalPrivilegesMap) throws javax.jcr.RepositoryExceptionMerge into the privilegeToLocalPrivilegesMap the changes requested in privilege delete request parameters.- Parameters:
acm- the access control managerrequest- the current requestprivilegeToLocalPrivilegesMap- the map containing the declared LocalPrivilege items- Throws:
javax.jcr.RepositoryException
-
processPostedRestrictionDeleteParams
protected void processPostedRestrictionDeleteParams(@NotNull @NotNull javax.jcr.security.AccessControlManager acm, @NotNull @NotNull org.apache.sling.api.SlingHttpServletRequest request, @NotNull @NotNull Map<String,org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition> srMap, @NotNull @NotNull Map<javax.jcr.security.Privilege,LocalPrivilege> privilegeToLocalPrivilegesMap) throws javax.jcr.RepositoryExceptionMerge into the privilegeToLocalPrivilegesMap the changes requested in restriction delete request parameters.- Parameters:
acm- the access control managerrequest- the current requestsrMap- map of restriction names to the restriction definitionprivilegeToLocalPrivilegesMap- the map containing the declared LocalPrivilege items- Throws:
javax.jcr.RepositoryException
-
postedRestrictionsForPrivilege
protected Set<LocalRestriction> postedRestrictionsForPrivilege(@NotNull @NotNull org.apache.sling.api.SlingHttpServletRequest request, @NotNull @NotNull Map<String,org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition> srMap, @NotNull @NotNull javax.jcr.security.Privilege forPrivilege, @NotNull @NotNull org.apache.sling.jcr.jackrabbit.accessmanager.post.ModifyAceServlet.PrivilegeValues forAllowOrDeny, @NotNull @NotNull Set<LocalRestriction> generalRestrictions) throws javax.jcr.RepositoryException
Populate the restrictions that that were posted and applicable to the requested privilege- Parameters:
request- the current requestsrMap- map of restriction names to the restriction definitionforPrivilege- the privilege to load the restrictions forforAllowOrDeny- eitherModifyAceServlet.PrivilegeValues.ALLOWorModifyAceServlet.PrivilegeValues.DENYgeneralRestrictions- the general restrictions that are not for a specific privilege- Throws:
javax.jcr.RepositoryException
-
toLocalRestriction
protected LocalRestriction toLocalRestriction(@NotNull @NotNull org.apache.sling.api.SlingHttpServletRequest request, @NotNull @NotNull Map<String,org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition> srMap, @NotNull @NotNull String restrictionName, @NotNull @NotNull String paramName) throws javax.jcr.RepositoryException
Construct a LocalRestriction using data a request parameter- Parameters:
request- the current requestsrMap- map of restriction names to the restriction definitionrestrictionName- the name of the restrictionparamName- the request parameter name that contains the restriction values- Throws:
javax.jcr.RepositoryException
-
processPostedPrivilegeAndRestrictionParams
protected void processPostedPrivilegeAndRestrictionParams(@NotNull @NotNull javax.jcr.security.AccessControlManager acm, @NotNull @NotNull org.apache.sling.api.SlingHttpServletRequest request, @NotNull @NotNull Map<String,org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition> srMap, @NotNull @NotNull Map<javax.jcr.security.Privilege,LocalPrivilege> privilegeToLocalPrivilegesMap, @NotNull @NotNull Map<javax.jcr.security.Privilege,Integer> privilegeLongestDepthMap) throws javax.jcr.RepositoryExceptionMerge into the privilegeToLocalPrivilegesMap the changes requested in privilege and restriction request parameters.- Parameters:
acm- the access control managerrequest- the current requestsrMap- map of restriction names to the restriction definitionprivilegeToLocalPrivilegesMap- the map containing the declared LocalPrivilege itemsprivilegeLongestDepthMap- the map of privileges to their longest depth- Throws:
javax.jcr.RepositoryException
-
applyPrivilegeAndRestrictions
protected void applyPrivilegeAndRestrictions(@NotNull @NotNull Map<javax.jcr.security.Privilege,LocalPrivilege> privilegeToLocalPrivilegesMap, @NotNull @NotNull javax.jcr.security.Privilege p, boolean allow, @NotNull @NotNull Set<LocalRestriction> allowRestrictions, boolean deny, @NotNull @NotNull Set<LocalRestriction> denyRestrictions) throws javax.jcr.RepositoryExceptionApply the privilege and restrictions to the local privileges- Parameters:
privilegeToLocalPrivilegesMap- the map containing the declared LocalPrivilege itemsp- the privilegeallow- true if the privilege is to be allowedallowRestrictions- restrictions (if any) for the allowdeny- true if the privilege is to be denieddenyRestrictions- restrictions (if any) for the deny- Throws:
javax.jcr.RepositoryException
-
getAcl
protected org.apache.jackrabbit.api.security.JackrabbitAccessControlList getAcl(@NotNull @NotNull javax.jcr.security.AccessControlManager acm, String resourcePath, Principal principal) throws javax.jcr.RepositoryExceptionLookup the ACL for the given resource- Parameters:
acm- the access control managerresourcePath- the resource pathprincipal- the principal for principalbased ACL- Returns:
- the found ACL object
- Throws:
javax.jcr.RepositoryException
-
removeAces
protected String removeAces(@NotNull @NotNull String resourcePath, @Nullable @Nullable String order, @NotNull @NotNull Principal principal, @NotNull @NotNull org.apache.jackrabbit.api.security.JackrabbitAccessControlList acl) throws javax.jcr.RepositoryException
Remove all of the ACEs for the specified principal from the ACL- Parameters:
order- the requested order (may be null)principal- the principal whose aces should be removedacl- the access control list to update- Returns:
- the original order if it was supplied, otherwise the order of the first ACE
- Throws:
javax.jcr.RepositoryException
-
addAces
protected void addAces(@NotNull @NotNull String resourcePath, @NotNull @NotNull Principal principal, @NotNull @NotNull Map<Set<LocalRestriction>,List<LocalPrivilege>> restrictionsToLocalPrivilegesMap, boolean isAllow, @NotNull @NotNull org.apache.jackrabbit.api.security.JackrabbitAccessControlList acl, Map<javax.jcr.security.Privilege,Integer> privilegeLongestDepthMap) throws javax.jcr.RepositoryExceptionAdd ACEs for the specified principal to the ACL. One ACE is added for each unique restriction set.- Parameters:
resourcePath- the path of the resourceprincipal- the principal whose aces should be addedrestrictionsToLocalPrivilegesMap- the map containing the restrictions mapped to the LocalPrivlege items with those resrictionsisAllow- true for 'allow' ACE, false for 'deny' ACEacl- the access control list to update- Throws:
javax.jcr.RepositoryException
-
modifyAce
public void modifyAce(javax.jcr.Session jcrSession, String resourcePath, String principalId, Map<String,String> privileges, String order, boolean autoSave) throws javax.jcr.RepositoryExceptionDescription copied from interface:ModifyAceAdd or modify the access control entry for the specified user or group.- Specified by:
modifyAcein interfaceModifyAce- Parameters:
jcrSession- the JCR session of the user updating the userresourcePath- The absolute path of the resource to apply the ACE to (required)principalId- The name of the user/group to provision (required)privileges- Map of privileges to apply. (optional)order- where the access control entry should go in the list.The value should be one of these: null If the ACE for the principal doesn't exist add at the end, otherwise leave the ACE at it's current position. first Place the target ACE as the first amongst its siblings last Place the target ACE as the last amongst its siblings before xyz Place the target ACE immediately before the sibling whose name is xyz after xyz Place the target ACE immediately after the sibling whose name is xyz numeric Place the target ACE at the specified numeric index autoSave- true to automatically save changes to the JCR session, false otherwise- Throws:
javax.jcr.RepositoryException- if any errors applying the changes
-
modifyAce
public void modifyAce(javax.jcr.Session jcrSession, String resourcePath, String principalId, Map<String,String> privileges, String order) throws javax.jcr.RepositoryExceptionDescription copied from interface:ModifyAceAdd or modify the access control entry for the specified user or group. This is equivalent toModifyAce.modifyAce(Session, String, String, Map, String, boolean)with the autoSave parameter value equal to true.- Specified by:
modifyAcein interfaceModifyAce- Parameters:
jcrSession- the JCR session of the user updating the userresourcePath- The absolute path of the resource to apply the ACE to (required)principalId- The name of the user/group to provision (required)privileges- Map of privileges to apply. (optional)order- where the access control entry should go in the list.The value should be one of these: null If the ACE for the principal doesn't exist add at the end, otherwise leave the ACE at it's current position. first Place the target ACE as the first amongst its siblings last Place the target ACE as the last amongst its siblings before xyz Place the target ACE immediately before the sibling whose name is xyz after xyz Place the target ACE immediately after the sibling whose name is xyz numeric Place the target ACE at the specified numeric index - Throws:
javax.jcr.RepositoryException- if any errors applying the changes
-
modifyAce
public void modifyAce(javax.jcr.Session jcrSession, String resourcePath, String principalId, Map<String,String> privileges, String order, Map<String,javax.jcr.Value> restrictions, Map<String,javax.jcr.Value[]> mvRestrictions, Set<String> removeRestrictionNames) throws javax.jcr.RepositoryExceptionDescription copied from interface:ModifyAceAdd or modify the access control entry for the specified user or group. This is equivalent toModifyAce.modifyAce(Session, String, String, Map, String, Map, Map, Set, boolean)with the autoSave parameter value equal to true.- Specified by:
modifyAcein interfaceModifyAce- Parameters:
jcrSession- the JCR session of the user updating the userresourcePath- The absolute path of the resource to apply the ACE to (required)principalId- The name of the user/group to provision (required)privileges- Map of privileges to apply. (optional)order- where the access control entry should go in the list.The value should be one of these: null If the ACE for the principal doesn't exist add at the end, otherwise leave the ACE at it's current position. first Place the target ACE as the first amongst its siblings last Place the target ACE as the last amongst its siblings before xyz Place the target ACE immediately before the sibling whose name is xyz after xyz Place the target ACE immediately after the sibling whose name is xyz numeric Place the target ACE at the specified numeric index restrictions- Map of single-value restrictions to apply. (optional)mvRestrictions- Map of multi-value restrictions to apply. (optional)removeRestrictionNames- Set of existing restriction names to remove (optional)- Throws:
javax.jcr.RepositoryException- if any errors applying the changes
-
modifyAce
public void modifyAce(javax.jcr.Session jcrSession, String resourcePath, String principalId, Map<String,String> privileges, String order, Map<String,javax.jcr.Value> restrictions, Map<String,javax.jcr.Value[]> mvRestrictions, Set<String> removeRestrictionNames, boolean autoSave) throws javax.jcr.RepositoryExceptionDescription copied from interface:ModifyAceAdd or modify the access control entry for the specified user or group.- Specified by:
modifyAcein interfaceModifyAce- Parameters:
jcrSession- the JCR session of the user updating the userresourcePath- The absolute path of the resource to apply the ACE to (required)principalId- The name of the user/group to provision (required)privileges- Map of privileges to apply. (optional)order- where the access control entry should go in the list.The value should be one of these: null If the ACE for the principal doesn't exist add at the end, otherwise leave the ACE at it's current position. first Place the target ACE as the first amongst its siblings last Place the target ACE as the last amongst its siblings before xyz Place the target ACE immediately before the sibling whose name is xyz after xyz Place the target ACE immediately after the sibling whose name is xyz numeric Place the target ACE at the specified numeric index restrictions- Map of single-value restrictions to apply. (optional)mvRestrictions- Map of multi-value restrictions to apply. (optional)removeRestrictionNames- Set of existing restriction names to remove (optional)autoSave- true to automatically save changes to the JCR session, false otherwise- Throws:
javax.jcr.RepositoryException- if any errors applying the changes
-
modifyAce
protected void modifyAce(javax.jcr.Session jcrSession, String resourcePath, String principalId, Map<String,String> privileges, String order, Map<String,javax.jcr.Value> restrictions, Map<String,javax.jcr.Value[]> mvRestrictions, Set<String> removeRestrictionNames, boolean autoSave, List<org.apache.sling.servlets.post.Modification> changes) throws javax.jcr.RepositoryException- Throws:
javax.jcr.RepositoryException
-
modifyAce
public void modifyAce(javax.jcr.Session jcrSession, String resourcePath, String principalId, Collection<LocalPrivilege> localPrivileges, String order, boolean autoSave) throws javax.jcr.RepositoryExceptionDescription copied from interface:ModifyAceAdd or modify the access control entry for the specified user or group.- Specified by:
modifyAcein interfaceModifyAce- Parameters:
jcrSession- the JCR session of the user updating the userresourcePath- The absolute path of the resource to apply the ACE to (required)principalId- The name of the user/group to provision (required)localPrivileges- collection of privileges to apply.order- where the access control entry should go in the list.The value should be one of these: null If the ACE for the principal doesn't exist add at the end, otherwise leave the ACE at it's current position. first Place the target ACE as the first amongst its siblings last Place the target ACE as the last amongst its siblings before xyz Place the target ACE immediately before the sibling whose name is xyz after xyz Place the target ACE immediately after the sibling whose name is xyz numeric Place the target ACE at the specified numeric index autoSave- true to automatically save changes to the JCR session, false otherwise- Throws:
javax.jcr.RepositoryException- if any errors applying the changes
-
modifyAce
protected void modifyAce(javax.jcr.Session jcrSession, String resourcePath, String principalId, Collection<LocalPrivilege> localPrivileges, String order, boolean autoSave, List<org.apache.sling.servlets.post.Modification> changes) throws javax.jcr.RepositoryException- Throws:
javax.jcr.RepositoryException
-
-