Thursday, December 29, 2011

How to check if some one has replication rights for a path in CQ5 / WEM

You can use following code

import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import com.day.cq.replication.Replicator;
import javax.jcr.Session;

public static boolean canReplicate(String path, Session session) throws RepositoryException {
AccessControlManager acMgr = session.getAccessControlManager();
return session.getAccessControlManager().hasPrivileges(path, new Privilege[] {acMgr.privilegeFromName(Replicator.REPLICATE_PRIVILEGE)});
}

In fact you can use this code to check any rights. Just replace privilege with any privilege in http://jackrabbit.apache.org/api/1.5/org/apache/jackrabbit/api/jsr283/security/Privilege.html

For example


privilegios[0] = acMgr.privilegeFromName(Privilege.JCR_READ);
privilegios[1] = acMgr.privilegeFromName(Privilege.JCR_ADD_CHILD_NODES);
privilegios[2] = acMgr.privilegeFromName(Privilege.JCR_REMOVE_CHILD_NODES);
.. More

7 comments:

  1. This comment has been removed by the author.

    ReplyDelete
    Replies
    1. You can create session for any user you want using admin session and then impersonate or logged in session.

      Yogesh

      Delete
    2. Sorry, i was thinking that my question was really stupid. So my question would be: in a system with about 1500 to 3000 authors, about 100 groups and fine graned access control policies. How would i perform this check for like ... any user.

      Delete
    3. You can create a utility that can take user name and give you access right. Also you can use crxde light and login as admin and for any path you can check effective permission (Either jcr:all or crx:replicate). Or through CRX explorer login in to crx explorer and then go to :/crx/explorer/ui/acltest.jsp to test.

      Delete
  2. Hi Yogesh
    How can I get the source code for /crx/explorer/ui/acltest.jsp ? I tried to search in CRX but I could n't find it. I appreciate if you could let me know the location for this jsp file
    Shaji

    ReplyDelete