Package org.apache.sling.jcr.jackrabbit.accessmanager.post

Class ModifyAceServlet

  • All Implemented Interfaces:
    Serializable, javax.servlet.Servlet, javax.servlet.ServletConfig, ModifyAce
    public class ModifyAceServlet
extends AbstractAccessPostServlet
implements ModifyAce

    Sling Post Servlet implementation for modifying the ACEs for a principal on a JCR resource.

    Rest Service Description

    Modify a principal's ACEs for the node identified as a resource by the request URL >resource<.modifyAce.html

    Transport Details:

    Methods

    • POST

    Post Parameters

    principalId
    The principal of the ACEs to modify in the ACL specified by the path.
    privilege@*
    One or more privileges, either granted or denied or none, which will be applied to (or removed from) the node ACL. Any permissions that are present in an existing ACE for the principal but not in the request are left untouched.
    restriction@*
    One or more restrictions which will be applied to the ACE
    restriction@*@Delete
    One or more restrictions which will be removed from the ACE

    Response

    200
    Success.
    404
    The resource was not found.
    500
    Failure. HTML explains the failure.

    Notes

    The principalId is assumed to refer directly to an Authorizable, that comes direct from the UserManager. This can be a group or a user, but if its a group, denied permissions will not be added to the group. The group will only contain granted privileges.

    See Also:
    Serialized Form

    • Constructor Detail

      • ModifyAceServlet

        public ModifyAceServlet()

    • Method Detail

      • bindRestrictionProvider

        protected void bindRestrictionProvider​(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider rp)

      • unbindRestrictionProvider

        protected void unbindRestrictionProvider​(org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider rp)

      • bindPostResponseCreator

        protected void bindPostResponseCreator​(org.apache.sling.servlets.post.PostResponseCreator creator,
                                       Map<String,​Object> properties)
        Overridden since the @Reference annotation is not inherited from the super method
        Overrides:
        bindPostResponseCreator in class AbstractAccessPostServlet
        Parameters:
        creator - the response creator service reference
        properties - the component properties for the service reference

      • unbindPostResponseCreator

        protected void unbindPostResponseCreator​(org.apache.sling.servlets.post.PostResponseCreator creator,
                                         Map<String,​Object> properties)
        Description copied from class: AbstractAccessPostServlet
        Unbind a post response creator
        Overrides:
        unbindPostResponseCreator in class AbstractAccessPostServlet
        Parameters:
        creator - the response creator service reference
        properties - the component properties for the service reference

      • handleOperation

        protected void handleOperation​(org.apache.sling.api.SlingHttpServletRequest request,
                               org.apache.sling.servlets.post.PostResponse response,
                               List<org.apache.sling.servlets.post.Modification> changes)
                        throws javax.jcr.RepositoryException
        Description copied from class: AbstractAccessPostServlet
        Extending Servlet should implement this operation to do the work
        Specified by:
        handleOperation in class AbstractAccessPostServlet
        Parameters:
        request - the sling http request to process
        response - the response
        changes - the changes to report
        Throws:
        javax.jcr.RepositoryException - if any errors applying the changes

      • modifyAce

        public void modifyAce​(javax.jcr.Session jcrSession,
                      String resourcePath,
                      String principalId,
                      Map<String,​String> privileges,
                      String order,
                      boolean autoSave)
               throws javax.jcr.RepositoryException
        Description copied from interface: ModifyAce
        Add or modify the access control entry for the specified user or group.
        Specified by:
        modifyAce in interface ModifyAce
        Parameters:
        jcrSession - the JCR session of the user updating the user
        resourcePath - The absolute path of the resource to apply the ACE to (required)
        principalId - The name of the user/group to provision (required)
        privileges - Map of privileges to apply. (optional)
        order - where the access control entry should go in the list.
        The value should be one of these:
        nullIf the ACE for the principal doesn't exist add at the end, otherwise leave the ACE at it's current position.
        firstPlace the target ACE as the first amongst its siblings
        lastPlace the target ACE as the last amongst its siblings
        before xyzPlace the target ACE immediately before the sibling whose name is xyz
        after xyzPlace the target ACE immediately after the sibling whose name is xyz
        numericPlace the target ACE at the specified numeric index
        autoSave - true to automatically save changes to the JCR session, false otherwise
        Throws:
        javax.jcr.RepositoryException - if any errors applying the changes

      • modifyAce

        public void modifyAce​(javax.jcr.Session jcrSession,
                      String resourcePath,
                      String principalId,
                      Map<String,​String> privileges,
                      String order)
               throws javax.jcr.RepositoryException
        Description copied from interface: ModifyAce
        Add or modify the access control entry for the specified user or group. This is equivalent to ModifyAce.modifyAce(Session, String, String, Map, String, boolean) with the autoSave parameter value equal to true.
        Specified by:
        modifyAce in interface ModifyAce
        Parameters:
        jcrSession - the JCR session of the user updating the user
        resourcePath - The absolute path of the resource to apply the ACE to (required)
        principalId - The name of the user/group to provision (required)
        privileges - Map of privileges to apply. (optional)
        order - where the access control entry should go in the list.
        The value should be one of these:
        nullIf the ACE for the principal doesn't exist add at the end, otherwise leave the ACE at it's current position.
        firstPlace the target ACE as the first amongst its siblings
        lastPlace the target ACE as the last amongst its siblings
        before xyzPlace the target ACE immediately before the sibling whose name is xyz
        after xyzPlace the target ACE immediately after the sibling whose name is xyz
        numericPlace the target ACE at the specified numeric index
        Throws:
        javax.jcr.RepositoryException - if any errors applying the changes

      • modifyAce

        public void modifyAce​(javax.jcr.Session jcrSession,
                      String resourcePath,
                      String principalId,
                      Map<String,​String> privileges,
                      String order,
                      Map<String,​javax.jcr.Value> restrictions,
                      Map<String,​javax.jcr.Value[]> mvRestrictions,
                      Set<String> removeRestrictionNames)
               throws javax.jcr.RepositoryException
        Description copied from interface: ModifyAce
        Add or modify the access control entry for the specified user or group. This is equivalent to ModifyAce.modifyAce(Session, String, String, Map, String, Map, Map, Set, boolean) with the autoSave parameter value equal to true.
        Specified by:
        modifyAce in interface ModifyAce
        Parameters:
        jcrSession - the JCR session of the user updating the user
        resourcePath - The absolute path of the resource to apply the ACE to (required)
        principalId - The name of the user/group to provision (required)
        privileges - Map of privileges to apply. (optional)
        order - where the access control entry should go in the list.
        The value should be one of these:
        nullIf the ACE for the principal doesn't exist add at the end, otherwise leave the ACE at it's current position.
        firstPlace the target ACE as the first amongst its siblings
        lastPlace the target ACE as the last amongst its siblings
        before xyzPlace the target ACE immediately before the sibling whose name is xyz
        after xyzPlace the target ACE immediately after the sibling whose name is xyz
        numericPlace the target ACE at the specified numeric index
        restrictions - Map of single-value restrictions to apply. (optional)
        mvRestrictions - Map of multi-value restrictions to apply. (optional)
        removeRestrictionNames - Set of existing restriction names to remove (optional)
        Throws:
        javax.jcr.RepositoryException - if any errors applying the changes

      • modifyAce

        public void modifyAce​(javax.jcr.Session jcrSession,
                      String resourcePath,
                      String principalId,
                      Map<String,​String> privileges,
                      String order,
                      Map<String,​javax.jcr.Value> restrictions,
                      Map<String,​javax.jcr.Value[]> mvRestrictions,
                      Set<String> removeRestrictionNames,
                      boolean autoSave)
               throws javax.jcr.RepositoryException
        Description copied from interface: ModifyAce
        Add or modify the access control entry for the specified user or group.
        Specified by:
        modifyAce in interface ModifyAce
        Parameters:
        jcrSession - the JCR session of the user updating the user
        resourcePath - The absolute path of the resource to apply the ACE to (required)
        principalId - The name of the user/group to provision (required)
        privileges - Map of privileges to apply. (optional)
        order - where the access control entry should go in the list.
        The value should be one of these:
        nullIf the ACE for the principal doesn't exist add at the end, otherwise leave the ACE at it's current position.
        firstPlace the target ACE as the first amongst its siblings
        lastPlace the target ACE as the last amongst its siblings
        before xyzPlace the target ACE immediately before the sibling whose name is xyz
        after xyzPlace the target ACE immediately after the sibling whose name is xyz
        numericPlace the target ACE at the specified numeric index
        restrictions - Map of single-value restrictions to apply. (optional)
        mvRestrictions - Map of multi-value restrictions to apply. (optional)
        removeRestrictionNames - Set of existing restriction names to remove (optional)
        autoSave - true to automatically save changes to the JCR session, false otherwise
        Throws:
        javax.jcr.RepositoryException - if any errors applying the changes

      • modifyAce

        protected void modifyAce​(javax.jcr.Session jcrSession,
                         String resourcePath,
                         String principalId,
                         Map<String,​String> privileges,
                         String order,
                         Map<String,​javax.jcr.Value> restrictions,
                         Map<String,​javax.jcr.Value[]> mvRestrictions,
                         Set<String> removeRestrictionNames,
                         boolean autoSave,
                         List<org.apache.sling.servlets.post.Modification> changes)
                  throws javax.jcr.RepositoryException
        Throws:
        javax.jcr.RepositoryException