
Example 1 with PrincipalSid

use of org.acegisecurity.acls.sid.PrincipalSid in project TNTConcept by autentia.

the class DefaultAclService method addAclLevel.

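/**
 * Adds an access-control entry for the current principal to {@code acl} when the
 * permission matrix allows it.
 *
 * <p>The principal comes from {@code SpringUtils.getPrincipal()}. The matrix is looked up
 * by object type and the principal's role id, and the resulting level decides whether
 * {@code perm} is inserted for the principal's {@link PrincipalSid}:
 * <ul>
 *   <li>{@code ALL}: always inserted.</li>
 *   <li>{@code OWN}: inserted when the object's owner id equals the principal's id.</li>
 *   <li>{@code AREA}: inserted when the object's department id equals the principal's.</li>
 *   <li>{@code OWNERS}: inserted when the object's owner list contains the principal's id.</li>
 *   <li>{@code DENY}: nothing is inserted.</li>
 * </ul>
 *
 * <p>Security note: when {@code isIgnoreUnownedObjects()} is true, an object with a null
 * owner id (level {@code OWN}) or a null department id (level {@code AREA}) is granted to
 * the caller regardless of who the caller is. That path fails open by design and is logged
 * at WARN so it can be audited.
 *
 * @param matrix permission matrix, keyed by object type and role id
 * @param acl    ACL that receives the entry
 * @param type   class of the protected object
 * @param dto    protected object; supplies id, owner id, department id and owner list
 * @param perm   permission to insert
 * @throws UnsupportedOperationException if the matrix has no level for the key, or the
 *         level is not one of the handled values
 */
private void addAclLevel(Map<AclMatrixKey, AclMatrixValue> matrix, AclImpl acl, Class type, ITransferObject dto, Permission perm) {
    Principal principal = SpringUtils.getPrincipal();
    Sid sid = new PrincipalSid(principal.getUsername());
    AclMatrixKey key = new AclMatrixKey(type, principal.getRoleId());
    AclMatrixValue level = matrix.get(key);
    if (log.isDebugEnabled()) {
        log.debug("addAclLevel -" + " permission=[" + perm.getPattern() + "]" + " type=" + type.getSimpleName() + " id=" + dto.getId() + " ownerId=" + dto.getOwnerId() + " departmentId=" + dto.getDepartmentId() + " userId=" + principal.getId() + " roleId=" + principal.getRoleId() + " level=" + level);
    }
    if (level == null) {
        // A missing matrix entry is a configuration error: fail instead of guessing a level.
        throw new UnsupportedOperationException("Write permission level for " + key + " not defined");
    }
    switch(level) {
        case ALL:
            // The last argument is true on every insert (the granting flag in the Acegi ACL API).
            acl.insertAce(null, perm, sid, true);
            break;
        case OWN:
            if (isIgnoreUnownedObjects() && (dto.getOwnerId() == null)) {
                // Fail-open path for unowned objects; the WARN below is the audit trail.
                acl.insertAce(null, perm, sid, true);
                log.warn("addAclLevel - allowing permission [" + perm.getPattern() + "] on object " + type.getSimpleName() + "[" + dto.getId() + "] " + "because it is not owned by any user and ignoreUnknownedObjects=true in DefaultAclService");
            } else if (sameId(dto.getOwnerId(), principal.getId())) {
                // Compare by value. The owner id is a nullable reference type (it is
                // null-checked above), so == could compare object identity and silently
                // skip the grant for ids outside the boxed-integer cache.
                acl.insertAce(null, perm, sid, true);
            }
            break;
        case AREA:
            if (isIgnoreUnownedObjects() && (dto.getDepartmentId() == null)) {
                // Fail-open path for objects without a department; logged for audit.
                acl.insertAce(null, perm, sid, true);
                log.warn("addAclLevel - allowing permission [" + perm.getPattern() + "] on object " + type.getSimpleName() + "[" + dto.getId() + "] " + "because it is not owned by any department and ignoreUnknownedObjects=true in DefaultAclService");
            } else if (sameId(dto.getDepartmentId(), principal.getDepartmentId())) {
                // Value comparison, for the same reason as the OWN branch.
                // NOTE(review): if both department ids can be null, a principal without a
                // department still matches an object without one even when
                // ignoreUnownedObjects is false (unchanged from the == comparison).
                // Confirm that is intended.
                acl.insertAce(null, perm, sid, true);
            }
            break;
        case DENY:
            // Do nothing
            break;
        case OWNERS:
            if (dto.getOwnersId() != null && dto.getOwnersId().contains(principal.getId())) {
                acl.insertAce(null, perm, sid, true);
            }
            break;
        default:
            // NOTE(review): the message names readAclById() although this method is
            // addAclLevel; left unchanged in case log consumers match on the text.
            throw new UnsupportedOperationException("AclMatrixValue(" + level + ") not supported by write permission in readAclById()");
    }
}

/**
 * Null-safe value comparison of two identifiers. Two nulls compare equal and a single
 * null never matches; primitive arguments are boxed by the caller.
 */
private static boolean sameId(Object left, Object right) {
    return left == null ? right == null : left.equals(right);
}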
Also used : PrincipalSid(org.acegisecurity.acls.sid.PrincipalSid) Principal(com.autentia.tnt.manager.security.Principal) Sid(org.acegisecurity.acls.sid.Sid) PrincipalSid(org.acegisecurity.acls.sid.PrincipalSid)
