PLFSecureJCRFoldersUpgradePlugin.java

package org.exoplatform.platform.upgrade.plugins;

import org.exoplatform.commons.upgrade.UpgradeProductPlugin;
import org.exoplatform.container.xml.InitParams;
import org.exoplatform.services.jcr.RepositoryService;
import org.exoplatform.services.jcr.core.ExtendedNode;
import org.exoplatform.services.jcr.ext.common.SessionProvider;
import org.exoplatform.services.jcr.ext.hierarchy.NodeHierarchyCreator;
import org.exoplatform.services.log.ExoLogger;
import org.exoplatform.services.log.Log;
import org.exoplatform.services.security.IdentityConstants;

import javax.jcr.Node;
import javax.jcr.Session;

public class PLFSecureJCRFoldersUpgradePlugin extends UpgradeProductPlugin {

  private static final Log LOG = ExoLogger.getLogger(PLFSecureJCRFoldersUpgradePlugin.class.getName());
  private static final String HOME = "exo:LoginHistoryHome";

  private RepositoryService repoService;
  private NodeHierarchyCreator nodeHierarchyCreator;
  private SessionProvider sessionProvider;

  public PLFSecureJCRFoldersUpgradePlugin(RepositoryService repoService, NodeHierarchyCreator nodeHierarchyCreator, InitParams initParams) {
    super(initParams);
    this.repoService = repoService;
    this.nodeHierarchyCreator = nodeHierarchyCreator;
  }

  @Override
  public void processUpgrade(String oldVersion, String newVersion) {
    SessionProvider sessionProvider = SessionProvider.createSystemProvider();

    migrateCollaboration(sessionProvider);

    migrateGadgets(sessionProvider);

    migrateUsers(sessionProvider);

    migrateLoginHistory(sessionProvider);

    sessionProvider.close();
  }

  // Remove public access permission from root node of collaboration workspace
  private void migrateCollaboration(SessionProvider sessionProvider) {
    try {
      String ws = repoService.getCurrentRepository().getConfiguration().getDefaultWorkspaceName();
      Session session = sessionProvider.getSession(ws, repoService.getCurrentRepository());

      Node node = session.getRootNode();
      ((ExtendedNode) node).removePermission(IdentityConstants.ANY);
      session.save();
    } catch (Exception e) {
      if (LOG.isErrorEnabled()) {
        LOG.error("An unexpected error occurs when migrate Collaboration workspace", e);
      }
    }
  }

  // Remove public access permission from gadgets node
  private void migrateGadgets(SessionProvider sessionProvider) {
    try {
      Session session = sessionProvider.getSession("portal-system", repoService.getCurrentRepository());

      Node node = (Node)session.getItem("/production/app:gadgets");
      ((ExtendedNode) node).removePermission(IdentityConstants.ANY);
      session.save();
    } catch (Exception e) {
      if (LOG.isErrorEnabled()) {
        LOG.error("An unexpected error occurs when migrate /production/app:gadgets", e);
      }
    }
  }

  // Remove normal users access permission from /Users node
  private void migrateUsers(SessionProvider sessionProvider) {
    try {
      String ws = repoService.getCurrentRepository().getConfiguration().getDefaultWorkspaceName();
      Session session = sessionProvider.getSession(ws, repoService.getCurrentRepository());

      Node groups = (Node)session.getItem(nodeHierarchyCreator.getJcrPath("usersPath"));
      ((ExtendedNode) groups).removePermission("*:/platform/users");
      session.save();
    } catch (Exception e) {
      if (LOG.isErrorEnabled()) {
        LOG.error("An unexpected error occurs when migrate /Users", e);
      }
    }
  }

  // Remove normal users access permission from login history home node
  private void migrateLoginHistory(SessionProvider sessionProvider) {
    try {
      String ws = repoService.getCurrentRepository().getConfiguration().getDefaultWorkspaceName();
      Session session = sessionProvider.getSession(ws, repoService.getCurrentRepository());

      Node rootNode = session.getRootNode();
      if (rootNode.hasNode(HOME)) {
        Node node = rootNode.getNode(HOME);
        ((ExtendedNode) node).removePermission("*:/platform/users");
      }
      session.save();
    } catch (Exception e) {
      if (LOG.isErrorEnabled()) {
        LOG.error("An unexpected error occurs when migrate /exo:LoginHistoryHome", e);
      }
    }
  }
}