|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface ResourceAccessGate
The ResourceAccessGate
defines a service API which might be used
to make some restrictions to accessing resources.
Implementations of this service interface must be registered like
ResourceProvider with a path (like provider.roots). If different
ResourceAccessGateService services match a path, not only the
ResourceAccessGateService with the longest path will be called, but all of
them, that's in contrast to the ResourceProvider, but in this case more
logical (and secure!). The gates will be called in the order of the
service ranking.
If one of the gates grants access for a given operation access will be granted.
service properties:
GateResult.DONTCARE
PROVIDER_CONTEXT
,
in this case the gate is only applied to resource providers requesting the
security checks. Or the context can be APPLICATION_CONTEXT
. In this
case the access gate is invoked for the whole resource tree.
This is indicated by the required service property CONTEXT
. If the
property is missing or invalid, the service is ignored.
Nested Class Summary | |
---|---|
static class |
ResourceAccessGate.GateResult
GateResult defines 3 possible states which can be returned
by the different canXXX methods of this interface. |
static class |
ResourceAccessGate.Operation
|
Field Summary | |
---|---|
static String |
APPLICATION_CONTEXT
Allowed value for the CONTEXT service registration property. |
static String |
CONTEXT
The name of the service registration property containing the context of this service. |
static String |
FINALOPERATIONS
The name of the service registration property containing the operations for which the service should be called and no further service should be called after this, except the services returns DONTCARE as result, default is empty (non of them are final) (value is "finaloperations"). |
static String |
OPERATIONS
The name of the service registration property containing the operations for which the service should be called, defaults to all the operations (value is "operations"). |
static String |
PATH
The name of the service registration property containing the path as a regular expression for which the service should be called (value is "path"). |
static String |
PROVIDER_CONTEXT
Allowed value for the CONTEXT service registration property. |
static String |
SERVICE_NAME
The service name to use when registering implementations of this interface as services (value is "org.apache.sling.api.resource.ResourceAccessGate"). |
Method Summary | |
---|---|
ResourceAccessGate.GateResult |
canCreate(String absPathName,
org.apache.sling.api.resource.ResourceResolver resourceResolver)
|
boolean |
canCreateAllValues(org.apache.sling.api.resource.Resource resource)
|
ResourceAccessGate.GateResult |
canCreateValue(org.apache.sling.api.resource.Resource resource,
String valueName)
|
ResourceAccessGate.GateResult |
canDelete(org.apache.sling.api.resource.Resource resource)
|
boolean |
canDeleteAllValues(org.apache.sling.api.resource.Resource resource)
|
ResourceAccessGate.GateResult |
canDeleteValue(org.apache.sling.api.resource.Resource resource,
String valueName)
|
ResourceAccessGate.GateResult |
canExecute(org.apache.sling.api.resource.Resource resource)
|
ResourceAccessGate.GateResult |
canRead(org.apache.sling.api.resource.Resource resource)
|
boolean |
canReadAllValues(org.apache.sling.api.resource.Resource resource)
|
ResourceAccessGate.GateResult |
canReadValue(org.apache.sling.api.resource.Resource resource,
String valueName)
|
ResourceAccessGate.GateResult |
canUpdate(org.apache.sling.api.resource.Resource resource)
|
boolean |
canUpdateAllValues(org.apache.sling.api.resource.Resource resource)
|
ResourceAccessGate.GateResult |
canUpdateValue(org.apache.sling.api.resource.Resource resource,
String valueName)
|
boolean |
hasCreateRestrictions(org.apache.sling.api.resource.ResourceResolver resourceResolver)
|
boolean |
hasDeleteRestrictions(org.apache.sling.api.resource.ResourceResolver resourceResolver)
|
boolean |
hasExecuteRestrictions(org.apache.sling.api.resource.ResourceResolver resourceResolver)
|
boolean |
hasReadRestrictions(org.apache.sling.api.resource.ResourceResolver resourceResolver)
|
boolean |
hasUpdateRestrictions(org.apache.sling.api.resource.ResourceResolver resourceResolver)
|
String |
transformQuery(String query,
String language,
org.apache.sling.api.resource.ResourceResolver resourceResolver)
Allows to transform the query based on the current user's credentials. |
Field Detail |
---|
static final String SERVICE_NAME
static final String CONTEXT
APPLICATION_CONTEXT
and
PROVIDER_CONTEXT
.
This property is required and has no default value.
(value is "access.context")
static final String APPLICATION_CONTEXT
CONTEXT
service registration property.
Services marked with this context are applied to all resources.
static final String PROVIDER_CONTEXT
CONTEXT
service registration property.
Services marked with this context are only applied to resource
providers which indicate the additional checks with the
ResourceProvider.USE_RESOURCE_ACCESS_SECURITY
property.
static final String PATH
static final String OPERATIONS
static final String FINALOPERATIONS
Method Detail |
---|
ResourceAccessGate.GateResult canRead(org.apache.sling.api.resource.Resource resource)
ResourceAccessGate.GateResult canCreate(String absPathName, org.apache.sling.api.resource.ResourceResolver resourceResolver)
ResourceAccessGate.GateResult canUpdate(org.apache.sling.api.resource.Resource resource)
ResourceAccessGate.GateResult canDelete(org.apache.sling.api.resource.Resource resource)
ResourceAccessGate.GateResult canExecute(org.apache.sling.api.resource.Resource resource)
ResourceAccessGate.GateResult canReadValue(org.apache.sling.api.resource.Resource resource, String valueName)
ResourceAccessGate.GateResult canCreateValue(org.apache.sling.api.resource.Resource resource, String valueName)
ResourceAccessGate.GateResult canUpdateValue(org.apache.sling.api.resource.Resource resource, String valueName)
ResourceAccessGate.GateResult canDeleteValue(org.apache.sling.api.resource.Resource resource, String valueName)
String transformQuery(String query, String language, org.apache.sling.api.resource.ResourceResolver resourceResolver) throws org.apache.sling.api.security.AccessSecurityException
query
- the querylanguage
- the language in which the query is expressedresourceResolver
- the resource resolver which resolves the query
null
org.apache.sling.api.security.AccessSecurityException
boolean hasReadRestrictions(org.apache.sling.api.resource.ResourceResolver resourceResolver)
boolean hasCreateRestrictions(org.apache.sling.api.resource.ResourceResolver resourceResolver)
boolean hasUpdateRestrictions(org.apache.sling.api.resource.ResourceResolver resourceResolver)
boolean hasDeleteRestrictions(org.apache.sling.api.resource.ResourceResolver resourceResolver)
boolean hasExecuteRestrictions(org.apache.sling.api.resource.ResourceResolver resourceResolver)
boolean canReadAllValues(org.apache.sling.api.resource.Resource resource)
boolean canCreateAllValues(org.apache.sling.api.resource.Resource resource)
boolean canUpdateAllValues(org.apache.sling.api.resource.Resource resource)
boolean canDeleteAllValues(org.apache.sling.api.resource.Resource resource)
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |