java source code of Purge

APM-master
- gradle.properties
- gradle
  - gradle.properties
  - wrapper
    - gradle-wrapper.properties
    - gradle-wrapper.jar
  - META-INF
    - vault
      - definition
        .content.xml
  - common.gradle.kts
- examples
  - src
    - aem
      - package
        validator
        initial
        META-INF
        vault
        nodetypes.cnd
    - main
      - content
        jcr_root
        conf
        apm
        scripts
        examples
        authorizables.apm.dir
        .content.xml
        contexts.apm.dir
        .content.xml
        to-import
        script-to-import.apm
        script-to-import.apm.dir
        .content.xml
        import-and-run.apm.dir
        .content.xml
        import-and-run.apm
        permissions.apm.dir
        .content.xml
        authorizables.apm
        permissions.apm
        contexts.apm
        META-INF
        vault
        filter.xml
        config.xml
        definition
  - build.gradle.kts
- gradlew.bat
- LICENSE
- gradlew
- CONTRIBUTING.md
- misc
  - apm-logo-blue.svg
  - apm-logo-white.svg
- .gitattributes
- buildSrc
  - build.gradle.kts
- .travis.yml
- README.md
- build.gradle.kts
- app
  - aem
    - actions.checks
      - src
        main
        java
        com
        cognifide
        apm
        checks
        utils
        MessagingUtils.java
        ActionUtils.java
        actions
        password
        CheckPassword.java
        CheckPasswordMapper.java
        include
        CheckIncludes.java
        CheckIncludesMapper.java
        notexists
        CheckNotExistsMapper.java
        CheckNotExists.java
        exists
        CheckAuthorizableExists.java
        CheckUserExistsMapper.java
        CheckGroupExistsMapper.java
        property
        CheckPropertyMapper.java
        CheckProperty.java
        ActionGroup.java
        permissions
        CheckPermissions.java
        CheckAllowMapper.java
        CheckDenyMapper.java
        exclude
        CheckExcludesMapper.java
        CheckExcludes.java
      - build.gradle.kts
    - actions.main
      - src
        main
        java
        com
        cognifide
        apm
        main
        utils
        MessagingUtils.java
        ActionUtils.java
        actions
        removeparentsgroups
        RemoveParentsGroupsMapper.java
        RemoveParentsGroups.java
        forauthorizable
        ForUserMapper.java
        ForGroupMapper.java
        ForAuthorizable.java
        removechildrengroups
        RemoveChildrenGroups.java
        RemoveChildrenGroupsMapper.java
        ClearFromGroupDetacher.java
        CommonFlags.java
        allow
        AllowMapper.java
        Allow.java
        removeparents
        RemoveParents.java
        RemoveParentsMapper.java
        RemoveFromGroupMapper.java
        removechildren
        RemoveChildrenMapper.java
        RemoveChildren.java
        deletegroup
        DeleteGroup.java
        DeleteGroupMapper.java
        setproperty
        SetProperty.java
        SetPropertyMapper.java
        addchildren
        AddChildren.java
        AddChildrenMapper.java
        createauthorizablethen
        CreateAuthorizableThen.java
        internal
        RunMapper.java
        ImportMapper.java
        ForEachMapper.java
        RequireMapper.java
        DefineMapper.java
        deny
        Deny.java
        DenyMapper.java
        sessionsave
        SessionSave.java
        SessionSaveMapper.java
        clearpermissions
        RemoveAll.java
        Purge.java
        ClearMapper.java
        ClearPermissionsMapper.java
        ActionGroup.java
        setpassword
        SetPassword.java
        SetPasswordMapper.java
        addparents
        AddParents.java
        AddParentsMapper.java
        AddToGroupMapper.java
        removeproperty
        RemovePropertyMapper.java
        RemoveProperty.java
        save
        SaveMapper.java
        Save.java
        createauthorizable
        CreateUserMapper.java
        CreateGroupMapper.java
        CreateAuthorizableStrategy.java
        CreateSystemUserMapper.java
        CreateAuthorizable.java
        deleteuser
        DestroyUser.java
        DeleteUserMapper.java
        RemoveUser.java
        RandomPasswordGenerator.java
        permissions
        utils
        JackrabbitAccessControlListUtil.java
        PermissionActionHelper.java
        PrivilegeGroup.java
        Restrictions.java
        exceptions
        PermissionException.java
        CompositeAction.java
      - build.gradle.kts
    - ui.apps
      - src
        main
        content
        jcr_root
        home
        users
        system
        apm-system-user
        .content.xml
        _oak_index
        apmScripts
        .content.xml
        .content.xml
        apmHistory
        .content.xml
        apps
        cq
        core
        content
        nav
        tools
        security
        .content.xml
        apm
        views
        edit
        .content.xml
        view
        .content.xml
        .content.xml
        scripts
        .content.xml
        history
        .content.xml
        references
        .content.xml
        summary
        .content.xml
        dashboard
        .content.xml
        components
        console
        .content.xml
        console.html
        dashboardTile
        dashboardTile.html
        .content.xml
        summaryTable
        summaryTable.html
        .content.xml
        scriptLaunch
        scriptDetails.html
        .content.xml
        historyRow
        historyRow.html
        .content.xml
        reference
        reference.html
        .content.xml
        scriptDetails
        scriptDetails.html
        .content.xml
        saveAndCloseButton
        saveAndCloseButton.html
        .content.xml
        scriptsRow
        scriptsRow.html
        .content.xml
        config
        org.apache.sling.jcr.base.internal.LoginAdminWhitelist.fragment-apm.xml
        org.apache.sling.jcr.base.internal.LoginAdminWhitelist.fragment-cqactions.xml
        org.apache.sling.event.jobs.QueueConfiguration-scriptRunner.xml
        org.apache.sling.serviceusermapping.impl.ServiceUserMapperImpl.amended-apm-system-user.xml
        install
        .vltignore
        fragments
        scriptLauncher
        .content.xml
        .content.xml
        .content.xml
        clientlibs
        views
        shell
        images
        apm-logo-white.svg
        .content.xml
        css
        styles.less
        css.txt
        editorGrid
        js.txt
        .content.xml
        js
        apm-editor-grid.js
        css
        styles.less
        css.txt
        edit
        js.txt
        .content.xml
        js
        apm-edit.js
        css
        styles.less
        css.txt
        view
        js.txt
        .content.xml
        js
        apm-view.js
        css
        styles.less
        css.txt
        scripts
        js.txt
        .content.xml
        js
        apm-scripts.js
        fileupload.js
        css
        styles.less
        css.txt
        history
        img
        icons
        js.txt
        .content.xml
        js
        apm-history.js
        css
        history.less
        css.txt
        references
        img
        icons
        .content.xml
        css
        references.less
        css.txt
        summary
        .content.xml
        css
        styles.less
        css.txt
        dashboard
        .content.xml
        css
        styles.less
        css.txt
        externals
        ace
        js.txt
        .content.xml
        js
        ext-statusbar.js
        ext-language_tools.js
        ext-searchbox.js
        snippets
        text.js
        cqsm.js
        ext-linking.js
        ext-error_marker.js
        ext-emmet.js
        token_tooltip.js
        ext-static_highlight.js
        ext-elastic_tabstops_lite.js
        ext-settings_menu.js
        ext-keybinding_menu.js
        ext-whitespace.js
        ext-spellcheck.js
        ext-old_ie.js
        ext-split.js
        ext-beautify.js
        THIRD-PARTY.txt
        ext-chromevox.js
        ext-textarea.js
        mode-cqsm.js
        ext-themelist.js
        keybinding-emacs.js
        mode-text.js
        ext-modelist.js
        theme-chrome.js
        keybinding-vim.js
        _rep_policy.xml
        WEB-INF
        tags
        sling.tld
        cognifide.tld
        c.tld
        cq.tld
        fn.tld
        fmt.tld
        web.xml
        conf
        apm
        scripts
        .gitignore
        META-INF
        vault
        filter.xml
        config.xml
      - LICENSE
      - build.gradle.kts
    - api
      - src
        main
        java
        com
        cognifide
        apm
        api
        services
        ExecutionResult.java
        ScriptManager.java
        ExecutionMode.java
        ScriptFinder.java
        DefinitionsProvider.java
        actions
        Context.java
        SessionSavingPolicy.java
        Message.java
        SessionSavingMode.java
        AuthorizableManager.java
        annotations
        Mapper.java
        Flags.java
        Mapping.java
        Required.java
        Named.java
        Flag.java
        ActionResult.java
        Action.java
        exceptions
        InvalidActionMapperException.java
        ActionException.java
        ActionCreationException.java
        ExecutionException.java
        InitializationException.java
        ActionExecutionException.java
        scripts
        LaunchMode.java
        TransientScript.java
        LaunchEnvironment.java
        Script.java
        MutableScript.java
        status
        Status.java
      - build.gradle.kts
    - all
      - build.gradle.kts
    - common
      - package
        validator
        initial
        META-INF
        vault
        nodetypes.cnd
        defaults
        META-INF
        vault
        definition
    - core
      - src
        main
        resources
        com
        cognifide
        apm
        core
        ui
        models
        content.apm
        CQ-INF
        nodetypes
        apm_nodetypes.cnd
        kotlin
        com
        cognifide
        apm
        core
        services
        version
        VersionServiceImpl.kt
        ScriptVersionModel.kt
        VersionService.kt
        ScriptVersion.kt
        ModifiedScriptFinder.kt
        grammar
        parsedscript
        InvalidSyntaxMessageFactory.kt
        ParsedScript.kt
        ApmLangParserFactory.kt
        InvalidSyntaxException.kt
        utils
        ImportScript.kt
        RequiredVariablesChecker.kt
        ScriptExecutionException.kt
        ActionInvoker.kt
        ScriptRunner.kt
        common
        Functions.kt
        ListBaseVisitor.kt
        StackWithRoot.kt
        argument
        StringLiteral.kt
        Arguments.kt
        ArgumentResolverException.kt
        ArgumentResolver.kt
        ReferenceFinder.kt
        ReferenceGraph.kt
        executioncontext
        ExternalExecutionContext.kt
        ExecutionContext.kt
        VariableHolder.kt
        RunScript.kt
        ApmType.kt
        endpoints
        utils
        RequestParameterInjector.kt
        AbstractFormServlet.kt
        RequestParameter.kt
        ResponseEntity.kt
        DateFormat.kt
        JsonObject.kt
        FileName.kt
        ScriptValidationServlet.kt
        ScriptValidationForm.kt
        ScriptUploadForm.kt
        ScriptUploadServlet.kt
        tools
        ApmInstallHook.kt
        OsgiAwareInstallHook.kt
        java
        com
        cognifide
        apm
        core
        sessions
        SessionSavingPolicyImpl.java
        scriptrunnerjob
        JobProgressOutput.java
        Property.java
        utils
        ResourceMixinUtil.java
        InstanceTypeProvider.java
        sling
        ResolveException.java
        OperateException.java
        OperateCallback.java
        ResolveCallback.java
        SlingHelper.java
        ServletUtils.java
        MessagingUtils.java
        Pagination.java
        AuthorizableManagerImpl.java
        CalendarUtils.java
        ErrorMessage.java
        ResponseMessage.java
        InstanceTypeProviderImpl.java
        SuccessMessage.java
        mocks
        MockUser.java
        MockPrincipal.java
        MockGroup.java
        executors
        ContextImpl.java
        actions
        ActionResultImpl.java
        MapperDescriptor.java
        scanner
        BundleUtils.java
        AnnotatedClassRegistry.java
        RegistryChangedListener.java
        ClassScanner.java
        ActionMapperRegistryImpl.java
        executor
        ActionExecutor.java
        RunActionExecutor.java
        DryRunActionExecutor.java
        AbstractActionExecutor.java
        ActionExecutorFactory.java
        ValidationActionExecutor.java
        ActionDescriptor.java
        ActionFactoryImpl.java
        MappingDescriptor.java
        ActionMapperRegistry.java
        CommandDescription.java
        ParameterDescriptor.java
        ActionFactory.java
        MapperDescriptorFactory.java
        ArgumentDescription.java
        ui
        models
        ConsoleModel.java
        DashboardTileModel.java
        ScriptsRowModel.java
        ReferencesModel.java
        SummaryTableModel.java
        datasources
        HistoryDatasourceServlet.java
        SimpleDataSourceBuilder.java
        LaunchModeDatasourceServlet.java
        ScriptsDatasourceServlet.java
        LaunchEnvironmentDatasourceServlet.java
        AbstractDatasourceServlet.java
        ChildrenDatasourceServlet.java
        launchers
        AbstractLauncher.java
        LauncherType.java
        ScheduledScriptLauncher.java
        StartupScriptLauncher.java
        StartupModifiedScriptLauncher.java
        ReplicatedScriptLauncher.java
        jobs
        ReplicationConsumer.java
        JobResultsCache.java
        ScriptRunnerJobConsumer.java
        ScriptRunnerJobManagerImpl.java
        ScriptRunnerJobStatus.java
        ScriptRunnerJobManager.java
        endpoints
        ScriptRemoveServlet.java
        ScriptResultServlet.java
        ReferenceServlet.java
        ScriptRunBackgroundServlet.java
        DefinitionsServlet.java
        ScriptRunServlet.java
        ScriptListServlet.java
        BackgroundJobParameters.java
        HistoryListServlet.java
        SummaryRedirectServlet.java
        ScriptDownloadServlet.java
        ScriptReplicationServlet.java
        progress
        ProgressImpl.java
        ProgressHelper.java
        scripts
        EventManager.java
        Event.java
        ScriptUtils.java
        ScriptFilters.java
        ScriptNode.java
        FileDescriptor.java
        ScriptFinderImpl.java
        LaunchMetadata.java
        DefaultDefinitionsProvider.java
        ScriptStorageImpl.java
        ScriptManagerImpl.java
        EventListener.java
        MutableScriptWrapper.java
        ScriptStorageException.java
        ExtendedScriptManager.java
        ScriptStorage.java
        ScriptReplicatorImpl.java
        ScriptReplicator.java
        ScriptModel.java
        history
        InstanceDetails.java
        ScriptHistoryImpl.java
        HistoryEntry.java
        RemoteScriptExecutionActionReceiver.java
        HistoryAutocleanService.java
        HistoryEntryWriter.java
        HistoryEntryImpl.java
        HistoryImpl.java
        ScriptHistory.java
        History.java
        Apm.java
        logger
        ProgressEntry.java
        Position.java
        Progress.java
        antlr
        ApmLang.g4
        test
        resources
        import.apm
        invalid2.apm
        define.apm
        includes
        cycle-c.apm
        import-b.apm
        cycle-a.apm
        cycle-b.apm
        run-c.apm
        run-b.apm
        run-a.apm
        import-a.apm
        import-c.apm
        foreach.apm
        import-deep-define.apm
        import-and-run1.apm
        import-and-run2.apm
        import-define.apm
        invalid1.apm
        groovy
        com
        cognifide
        apm
        core
        actions
        SampleMapper.groovy
        MapperDescriptorTest.groovy
        MapperWithoutAnnotation.groovy
        MapperWithWrongReturnType.groovy
        grammar
        parsedscript
        ParsedScriptTest.groovy
        ScriptRunnerTest.groovy
        common
        StackWithRootTest.groovy
        ReferenceFinderTest.groovy
        ArgumentResolverTest.groovy
        ApmLangParserHelper.groovy
      - build.gradle.kts
    - common.gradle.kts
  - common.gradle.kts
- .gitignore
- docs
  - permissions.md
  - grammar.md
  - LICENSE
  - launchers.md
  - ui.md
  - README.md
  - custom-actions.md
  - backend-api.md
- env
  - src
    - aem
      - package
        validator
        initial
        META-INF
        vault
        nodetypes.cnd
  - build.gradle.kts
- settings.gradle.kts

/*-
 * ========================LICENSE_START=================================
 * AEM Permission Management
 * %%
 * Copyright (C) 2013 Cognifide Limited
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * =========================LICENSE_END==================================
 */
package com.cognifide.apm.main.actions.clearpermissions;

import com.cognifide.apm.api.actions.Action;
import com.cognifide.apm.api.actions.ActionResult;
import com.cognifide.apm.api.actions.Context;
import com.cognifide.apm.api.actions.Message;
import com.cognifide.apm.api.exceptions.ActionExecutionException;
import com.cognifide.apm.api.status.Status;
import com.cognifide.apm.main.utils.MessagingUtils;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.RepositoryException;
import org.apache.commons.lang.StringUtils;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class Purge implements Action {

  private static final Logger LOGGER = LoggerFactory.getLogger(Purge.class);

  private static final String PERMISSION_STORE_PATH = "/jcr:system/rep:permissionStore/crx.default/";

  private final String path;

  public Purge(final String path) {
    this.path = path;
  }

  @Override
  public ActionResult simulate(Context context) {
    return process(context, false);
  }

  @Override
  public ActionResult execute(final Context context) {
    return process(context, true);
  }

  private ActionResult process(final Context context, boolean execute) {
    ActionResult actionResult = context.createActionResult();
    try {
      Authorizable authorizable = context.getCurrentAuthorizable();
      actionResult.setAuthorizable(authorizable.getID());
      LOGGER.info(String.format("Purging privileges for authorizable with id = %s under path = %s",
          authorizable.getID(), path));
      if (execute) {
        purge(context, actionResult);
      }
      actionResult.logMessage("Purged privileges for " + authorizable.getID() + " on " + path);
    } catch (RepositoryException | ActionExecutionException e) {
      actionResult.logError(MessagingUtils.createMessage(e));
    }

    return actionResult;
  }

  private void purge(final Context context, final ActionResult actionResult)
      throws RepositoryException, ActionExecutionException {
    NodeIterator iterator = getPermissions(context);
    String normalizedPath = normalizePath(path);
    while (iterator != null && iterator.hasNext()) {
      Node node = iterator.nextNode();
      if (node.hasProperty(PermissionConstants.REP_ACCESS_CONTROLLED_PATH)) {
        String parentPath = node.getProperty(PermissionConstants.REP_ACCESS_CONTROLLED_PATH)
            .getString();
        String normalizedParentPath = normalizePath(parentPath);
        boolean isUsersPermission = parentPath.startsWith(context.getCurrentAuthorizable().getPath());
        if (StringUtils.startsWith(normalizedParentPath, normalizedPath) && !isUsersPermission) {
          RemoveAll removeAll = new RemoveAll(parentPath);
          ActionResult removeAllResult = removeAll.execute(context);
          if (Status.ERROR.equals(removeAllResult.getStatus())) {
            copyErrorMessages(removeAllResult, actionResult);
          }
        }
      }
    }
  }

  private void copyErrorMessages(ActionResult from, ActionResult to) {
    for (Message msg : from.getMessages()) {
      if (Message.ERROR.equals(msg.getType())) {
        to.logWarning(msg.getText() + ", continuing");
      }
    }
  }

  private NodeIterator getPermissions(Context context)
      throws ActionExecutionException, RepositoryException {
    JackrabbitSession session = context.getSession();
    String path = PERMISSION_STORE_PATH + context.getCurrentAuthorizable().getID();
    NodeIterator result = null;
    if (session.nodeExists(path)) {
      Node node = session.getNode(path);
      result = node.getNodes();
    }
    return result;
  }

  private String normalizePath(String path) {
    return path + (path.endsWith("/") ? "" : "/");
  }

  @Override
  public boolean isGeneric() {
    return false;
  }

}