use of com.epam.pipeline.entity.security.acl.AclSecuredEntry in project cloud-pipeline by epam.
the class GrantPermissionManager method changeOwner.
/**
 * Reassigns ownership of a secured entity to another user.
 *
 * <p>The entity is loaded by ACL class and id, and {@code userName} must resolve to a user
 * context. When the current owner already equals {@code userName} (compared ignoring case),
 * nothing is modified and the entity is returned unchanged. Otherwise the owner is changed
 * first through {@code aclService} and then through {@code entityManager}.
 *
 * <p>NOTE(review): unlike {@code setPermissions} and {@code deletePermissions}, this method does
 * not check {@code entity.isLocked()} before mutating; confirm that changing the owner of a
 * locked entity is intended.
 * NOTE(review): no authorization check on the caller is visible in this method; presumably it
 * is enforced by the calling layer. Verify against the caller.
 *
 * @param id identifier of the entity whose owner changes
 * @param aclClass ACL class used to load the entity
 * @param userName name of the new owner; must not be blank
 * @return an {@code AclSecuredEntry} wrapping the entity (the updated one when the owner changed)
 * @throws IllegalArgumentException if {@code userName} is blank or no user context is found
 */
@Transactional(propagation = Propagation.REQUIRED)
public AclSecuredEntry changeOwner(final Long id, final AclClass aclClass, final String userName) {
    Assert.isTrue(StringUtils.isNotBlank(userName), "User name is required to change owner of an object.");
    final AbstractSecuredEntity securedEntity = entityManager.load(aclClass, id);
    // The context is loaded only to prove the target user exists; the raw userName is what gets stored.
    final UserContext targetUser = userManager.loadUserContext(userName);
    Assert.notNull(targetUser, String.format("The user with name %s doesn't exist.", userName));
    // NOTE(review): getOwner() is dereferenced directly, so an entity without an owner would fail
    // here with a NullPointerException. Confirm that the owner is always populated.
    final boolean alreadyOwned = securedEntity.getOwner().equalsIgnoreCase(userName);
    if (!alreadyOwned) {
        aclService.changeOwner(securedEntity, userName);
        return new AclSecuredEntry(entityManager.changeOwner(aclClass, id, userName));
    }
    // No-op path: the message does not identify the entity or the user, which limits its value
    // as an audit record of ownership requests.
    LOGGER.info("The resource you're trying to change owner is already owned by this user.");
    return new AclSecuredEntry(securedEntity);
}
use of com.epam.pipeline.entity.security.acl.AclSecuredEntry in project cloud-pipeline by epam.
the class GrantPermissionManager method deletePermissions.
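/**
 * Removes the ACL entry held by a single SID (user or group) on a secured entity.
 *
 * <p>The entity must not be locked. The SID name is upper-cased before lookup. If
 * {@code findSidEntry} reports an index other than {@code -1}, that entry is deleted and the ACL
 * is persisted; otherwise the ACL is left untouched. In both cases
 * {@code updateEventsWithChildrenAndIssues(entity)} is called afterwards.
 *
 * <p>NOTE(review): {@code user} is dereferenced without a null check, and no authorization check
 * on the caller is visible here; presumably both are handled by the calling layer. Verify
 * against the caller.
 *
 * @param id identifier of the entity
 * @param aclClass ACL class used to load the entity
 * @param user name of the user or group whose entry is removed
 * @param isPrincipal passed through to {@code aclService.getSid} together with the name
 * @return the entity with only the permissions that remain for the given SID
 * @throws IllegalArgumentException if the entity is locked
 */
@Transactional(propagation = Propagation.REQUIRED)
public AclSecuredEntry deletePermissions(Long id, AclClass aclClass, String user, boolean isPrincipal) {
    AbstractSecuredEntity entity = entityManager.load(aclClass, id);
    Assert.isTrue(!entity.isLocked(), messageHelper.getMessage(
            MessageConstants.ERROR_ENTITY_IS_LOCKED, entity.getAclClass(), entity.getId()));
    MutableAcl acl = aclService.getOrCreateObjectIdentity(entity);
    // Upper-case with a fixed locale. The no-argument toUpperCase() follows the JVM default
    // locale, so under e.g. a Turkish locale "i" becomes a dotted capital and the name no longer
    // matches a SID stored in plain ASCII upper case, leaving the entry in place.
    // NOTE(review): every other place that normalizes SID names has to use the same rule; if SIDs
    // were ever persisted under such a default locale, check the stored names before deploying.
    Sid sid = aclService.getSid(user.toUpperCase(java.util.Locale.ROOT), isPrincipal);
    int sidEntryIndex = findSidEntry(acl, sid);
    if (sidEntryIndex != -1) {
        acl.deleteAce(sidEntryIndex);
        acl = aclService.updateAcl(acl);
    }
    AclSecuredEntry aclSecuredEntry = convertAclToEntryForUser(entity, acl, sid);
    updateEventsWithChildrenAndIssues(entity);
    return aclSecuredEntry;
}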
use of com.epam.pipeline.entity.security.acl.AclSecuredEntry in project cloud-pipeline by epam.
the class GrantPermissionManager method setPermissions.
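/**
 * Grants a permission mask to a single SID (user or group) on a secured entity.
 *
 * <p>The request is validated with {@code validateParameters} and the entity must not be locked.
 * The SID name is upper-cased, and the SID is fetched or created through {@code aclService}.
 * If the ACL already holds an entry for the SID, it is replaced at the same index; otherwise the
 * new entry is inserted at index 0. The entry is always inserted with the last argument of
 * {@code insertAce} set to {@code true}. After the ACL is persisted,
 * {@code updateEventsWithChildrenAndIssues(entity)} is called.
 *
 * <p>NOTE(review): the mask is taken from the request and handed to
 * {@code permissionFactory.buildFromMask}; presumably {@code validateParameters} rejects null
 * names and unsupported masks. Confirm. No authorization check on the caller is visible here.
 *
 * @param grantVO request carrying the entity id, ACL class, SID name, principal flag and mask
 * @return the entity with only the permissions now held by the given SID
 * @throws IllegalArgumentException if the entity is locked
 */
@Transactional(propagation = Propagation.REQUIRED)
public AclSecuredEntry setPermissions(PermissionGrantVO grantVO) {
    validateParameters(grantVO);
    AbstractSecuredEntity entity = entityManager.load(grantVO.getAclClass(), grantVO.getId());
    Assert.isTrue(!entity.isLocked(), messageHelper.getMessage(
            MessageConstants.ERROR_ENTITY_IS_LOCKED, entity.getAclClass(), entity.getId()));
    MutableAcl acl = aclService.getOrCreateObjectIdentity(entity);
    Permission permission = permissionFactory.buildFromMask(grantVO.getMask());
    // Upper-case with a fixed locale. The no-argument toUpperCase() follows the JVM default
    // locale, so under e.g. a Turkish locale "i" becomes a dotted capital and the grant would be
    // attached to a differently spelled SID than the one other code looks up.
    // NOTE(review): every other place that normalizes SID names has to use the same rule; if SIDs
    // were ever persisted under such a default locale, check the stored names before deploying.
    String sidName = grantVO.getUserName().toUpperCase(java.util.Locale.ROOT);
    Sid sid = aclService.createOrGetSid(sidName, grantVO.getPrincipal());
    LOGGER.debug("Granting permissions for sid {}", sid);
    int sidEntryIndex = findSidEntry(acl, sid);
    if (sidEntryIndex != -1) {
        // Drop the previous entry so the SID ends up with exactly one entry at that position.
        acl.deleteAce(sidEntryIndex);
    }
    // Reuse the old position when there was one; -1 (not found) is clamped to the head of the list.
    acl.insertAce(Math.max(sidEntryIndex, 0), permission, sid, true);
    MutableAcl updatedAcl = aclService.updateAcl(acl);
    AclSecuredEntry aclSecuredEntry = convertAclToEntryForUser(entity, updatedAcl, sid);
    updateEventsWithChildrenAndIssues(entity);
    return aclSecuredEntry;
}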
use of com.epam.pipeline.entity.security.acl.AclSecuredEntry in project cloud-pipeline by epam.
the class GrantPermissionManager method convertAclToEntry.
/**
 * Builds an {@code AclSecuredEntry} for the entity with one permission entry per ACL entry.
 *
 * <p>Only the SID and the permission mask of each ACL entry are copied; nothing else from the
 * ACL entry is read here.
 *
 * @param entity entity the resulting entry wraps
 * @param acl ACL whose entries are converted
 * @return the entry populated with every SID/mask pair found in {@code acl}
 */
private AclSecuredEntry convertAclToEntry(AbstractSecuredEntity entity, MutableAcl acl) {
    final AclSecuredEntry securedEntry = new AclSecuredEntry(entity);
    acl.getEntries().forEach(ace -> {
        final Sid aceSid = ace.getSid();
        final int aceMask = ace.getPermission().getMask();
        securedEntry.addPermission(new AclPermissionEntry(aceSid, aceMask));
    });
    return securedEntry;
}
use of com.epam.pipeline.entity.security.acl.AclSecuredEntry in project cloud-pipeline by epam.
the class GrantPermissionManager method convertAclToEntryForUser.
/**
 * Converts an ACL to an {@code AclSecuredEntry} restricted to the permissions of one SID.
 *
 * <p>The full entry is built with {@code convertAclToEntry}; its permission list is then replaced
 * by the subset whose SID equals {@code new AclSid(sid)}.
 *
 * @param entity entity the resulting entry wraps
 * @param acl ACL whose entries are converted
 * @param sid SID whose permissions are kept
 * @return the entry holding only the permissions that belong to {@code sid}
 */
private AclSecuredEntry convertAclToEntryForUser(AbstractSecuredEntity entity, MutableAcl acl, Sid sid) {
    final AclSid targetSid = new AclSid(sid);
    final AclSecuredEntry securedEntry = convertAclToEntry(entity, acl);
    // Matching relies on the equals() of the permission entry's SID against AclSid.
    securedEntry.setPermissions(
            securedEntry.getPermissions()
                    .stream()
                    .filter(permissionEntry -> permissionEntry.getSid().equals(targetSid))
                    .collect(toList()));
    return securedEntry;
}