Examples of org.apache.jackrabbit.oak.api.Tree

• org.apache.jackrabbit.oak.api.Tree
  A tree instance represents a snapshot of the {@link ContentRepository}tree at the time the instance was acquired from a {@link ContentSession}. Tree instances may become invalid over time due to garbage collection of old content, at which point an outdated snapshot will start throwing {@code IllegalStateException}s to indicate that the snapshot is no longer available.

  Order and orderability

  The children of a {@code Tree} are generally unordered. That is, thesequence of the children returned by {@link #getChildren()} may change overtime as this {@code Tree} is modified either directly or through some othersession. Calling {@link #orderBefore(String)} will persist the current orderand maintain the order as new children are added or removed. In this case a new child will be inserted after the last child as seen by {@link #getChildren()}.

  State and state transitions

  A tree instance belongs to the client and its state is only modified in response to method calls made by the client. The various accessors on this interface mirror these of the underlying {@code NodeState}interface. However, since instances of this class are mutable return values may change between invocations.

  All tree instances created in the context of a content session become invalid after the content session is closed. Any method called on an invalid tree instance will throw an {@code InvalidStateException}.

  {@link Tree} instances may become non existing after a call to{@link Root#refresh()}, {@link Root#rebase()} or {@link Root#commit()}. Any write access to non existing {@code Tree} instances will cause an{@code InvalidStateException}.

  Thread safety

  Tree instances are not thread-safe for write access, so writing clients need to ensure that they are not accessed concurrently from multiple threads. Instances are however thread-safe for read access, so implementations need to ensure that all reading clients see a coherent state.

  Visibility and access control

  The data returned by this class and intermediary objects such as are access controlled governed by the {@code ContentSession} instance from whichthe containing {@code Root} was obtained.

  Existence and iterability of trees

  The {@link #getChild(String)} method is special in that it neverreturns a {@code null} value, even if the named tree does not exist.Instead a client should use the {@link #exists()} method on the returnedtree to check whether that tree exists.

  The iterability of a tree is a related to existence. A node state is iterable if it is included in the return values of the {@link #getChildrenCount(long)} and {@link #getChildren()} methods. An iterablenode is guaranteed to exist, though not all existing nodes are necessarily iterable.

  Furthermore, a non-existing node is guaranteed to contain no properties or iterable child nodes. It can, however contain non-iterable children. Such scenarios are typically the result of access control restrictions.

            // conflict while creating token store for this user -> refresh and
            // try to get the tree from the updated root.
            log.debug("Conflict while creating token store -> retrying", e.getMessage());
            root.refresh();
            if (parentPath != null) {
                Tree parentTree = root.getTree(parentPath);
                if (parentTree.exists()) {
                    tokenParent = new NodeUtil(parentTree);
                }
            }
        }
        return tokenParent;

    public PrivilegeBits getBits(@Nonnull Iterable<String> privilegeNames) {
        if (!privilegeNames.iterator().hasNext()) {
            return PrivilegeBits.EMPTY;
        }

        Tree privilegesTree = getPrivilegesTree();
        if (!privilegesTree.exists()) {
            return PrivilegeBits.EMPTY;
        }
        PrivilegeBits bits = PrivilegeBits.getInstance();
        for (String privilegeName : privilegeNames) {
            if (privilegeName != null) {
                Tree defTree = privilegesTree.getChild(privilegeName);
                if (defTree.exists()) {
                    bits.add(PrivilegeBits.getInstance(defTree));
                }
            } else {
                log.debug("Ignoring 'null' privilege name");
            }

        PrivilegeBits pb = privilegeBits.unmodifiable();
        if (bitsToNames.containsKey(pb)) {
            // matches all built-in aggregates and single built-in privileges
            return bitsToNames.get(pb);
        } else {
            Tree privilegesTree = getPrivilegesTree();
            if (!privilegesTree.exists()) {
                return Collections.emptySet();
            }

            if (bitsToNames.isEmpty()) {
                for (Tree child : privilegesTree.getChildren()) {
                    bitsToNames.put(PrivilegeBits.getInstance(child), Collections.singleton(child.getName()));
                }
            }

            Set<String> privilegeNames;
            if (bitsToNames.containsKey(pb)) {
                privilegeNames = bitsToNames.get(pb);
            } else {
                privilegeNames = new HashSet<String>();
                Set<String> aggregates = new HashSet<String>();
                for (Tree child : privilegesTree.getChildren()) {
                    PrivilegeBits bits = PrivilegeBits.getInstance(child);
                    if (pb.includes(bits)) {
                        privilegeNames.add(child.getName());
                        if (child.hasProperty(REP_AGGREGATES)) {
                            aggregates.addAll(PrivilegeUtil.readDefinition(child).getDeclaredAggregateNames());

    private PrivilegeBits next;

    PrivilegeDefinitionWriter(Root root) {
        this.root = root;
        this.bitsMgr = new PrivilegeBitsProvider(root);
        Tree privilegesTree = bitsMgr.getPrivilegesTree();
        if (privilegesTree.exists() && privilegesTree.hasProperty(REP_NEXT)) {
            next = PrivilegeBits.getInstance(privilegesTree);
        } else {
            next = PrivilegeBits.NEXT_AFTER_BUILT_INS;
        }
    }

    static CompiledPermissions create(@Nonnull ImmutableRoot root, @Nonnull String workspaceName,
                                      @Nonnull Set<Principal> principals,
                                      @Nonnull AuthorizationConfiguration acConfig,
                                      @Nonnull PermissionEntryCache.Local cache) {
        Tree permissionsTree = PermissionUtil.getPermissionsRoot(root, workspaceName);
        if (!permissionsTree.exists() || principals.isEmpty()) {
            return NoPermissions.getInstance();
        } else {
            Set<String> readPaths = acConfig.getParameters().getConfigValue(PARAM_READ_PATHS, DEFAULT_READ_PATHS);
            return new CompiledPermissionImpl(cache, principals, root, workspaceName, acConfig.getRestrictionProvider(), readPaths);
        }

            return expirationTime < loginTime;
        }

        @Override
        public boolean resetExpiration(long loginTime) {
            Tree tokenTree = getTokenTree(this);
            if (tokenTree != null && tokenTree.exists()) {
                NodeUtil tokenNode = new NodeUtil(tokenTree);
                if (isExpired(loginTime)) {
                    log.debug("Attempt to reset an expired token.");
                    return false;
                }

        switch (type) {
            case TreeTypeProvider.TYPE_HIDDEN:
                // TODO: OAK-753 decide on where to filter out hidden items.
                return true;
            case TreeTypeProvider.TYPE_VERSION:
                Tree versionableTree = getVersionableTree(tree);
                if (versionableTree == null) {
                    // unable to determine the location of the versionable item -> deny access.
                    return false;
                }
                if (versionableTree.exists()) {
                    return internalIsGranted(versionableTree, property, permissions);
                } else {
                    // versionable node does not exist (anymore) in this workspace;
                    // use best effort calculation based on the item path.
                    String path = versionableTree.getPath();
                    if (property != null) {
                        path = PathUtils.concat(path, property.getName());
                    }
                    return isGranted(path, permissions);
                }

     * @throws RepositoryException
     */
    private void writeDefinitions(Iterable<PrivilegeDefinition> definitions) throws RepositoryException {
        try {
            // make sure the privileges path is defined
            Tree privilegesTree = root.getTree(PRIVILEGES_PATH);
            if (!privilegesTree.exists()) {
                throw new RepositoryException("Privilege store does not exist.");
            }
            NodeUtil privilegesNode = new NodeUtil(privilegesTree);
            for (PrivilegeDefinition definition : definitions) {
                if (privilegesNode.hasChild(definition.getName())) {

            return false;
        }

        @Override
        public boolean remove() {
            Tree tokenTree = getTokenTree(this);
            if (tokenTree != null && tokenTree.exists()) {
                try {
                    if (tokenTree.remove()) {
                        root.commit();
                        return true;
                    }
                } catch (CommitFailedException e) {
                    log.debug("Error while removing expired token", e.getMessage());

        int type = (tree == null) ? TreeTypeProvider.TYPE_DEFAULT : tree.getType();
        switch (type) {
            case TreeTypeProvider.TYPE_HIDDEN:
                return PrivilegeBits.EMPTY;
            case TreeTypeProvider.TYPE_VERSION:
                Tree versionableTree = getVersionableTree(tree);
                if (versionableTree == null || !versionableTree.exists()) {
                    // unable to determine the location of the versionable item -> deny access.
                    // TODO : add proper handling for cases where the versionable node does not exist (anymore)
                    return PrivilegeBits.EMPTY;
                }  else {
                    return getPrivilegeBits(versionableTree);