
Example 1 with Sid

Use of org.acegisecurity.acls.sid.Sid in project TNTConcept by autentia: class SpringUtils, method isAclPermissionGranted.

import org.acegisecurity.acls.Acl;
import org.acegisecurity.acls.NotFoundException;
import org.acegisecurity.acls.Permission;
import org.acegisecurity.acls.objectidentity.ObjectIdentity;
import org.acegisecurity.acls.sid.Sid;
import org.acegisecurity.context.SecurityContextHolder;

/**
 * Check if an ACL permission is granted for a given domain object.
 * Fails closed: if no ACL exists for the object, or no ACE in that ACL matches
 * the caller's SIDs and the requested permission, Acegi throws NotFoundException
 * and the method answers false.
 * @param dto domain object
 * @param perm permission to test
 * @return true if permission is granted
 */
public static boolean isAclPermissionGranted(ITransferObject dto, Permission perm) {
    // SIDs (principal plus granted authorities) of the current Authentication.
    // sidRetrievalStrategy, objectIdentityRetrievalStrategy and aclService are
    // static collaborators of SpringUtils not shown in this excerpt.
    Sid[] sids = sidRetrievalStrategy.getSids(SecurityContextHolder.getContext().getAuthentication());
    ObjectIdentity oid = objectIdentityRetrievalStrategy.getObjectIdentity(dto);
    try {
        // Load only the ACEs applying to these SIDs; throws NotFoundException
        // when the object has no ACL at all
        Acl acl = aclService.readAclById(oid, sids);
        // Throws NotFoundException when no loaded ACE covers perm for these SIDs;
        // administrativeMode=false keeps the ACL's audit logging active
        return acl.isGranted(new Permission[] { perm }, sids, false);
    } catch (NotFoundException nfe) {
        // No ACL, or no matching ACE: deny
        return false;
    }
}
Also used: ObjectIdentity (org.acegisecurity.acls.objectidentity.ObjectIdentity), NotFoundException (org.acegisecurity.acls.NotFoundException), Acl (org.acegisecurity.acls.Acl), Sid (org.acegisecurity.acls.sid.Sid)

Example 2 with Sid

Use of org.acegisecurity.acls.sid.Sid in project jenkins by jenkinsci: class CloudTest, method provisionPermissionShouldBeIndependentFromAdminister.

@Test
@WithoutJenkins
@Issue("JENKINS-37616")
public void provisionPermissionShouldBeIndependentFromAdminister() {
    // An ACL that grants exactly one permission, Cloud.PROVISION, to every SID and
    // explicitly denies everything else. For SidACL a non-null Boolean is a definite
    // answer; returning null would mean "no opinion" for that SID.
    SidACL acl = new SidACL() {

        @Override
        protected Boolean hasPermission(Sid p, Permission permission) {
            return permission == Cloud.PROVISION;
        }
    };
    // Holding PROVISION must not amount to holding ADMINISTER
    assertTrue(acl.hasPermission2(Jenkins.ANONYMOUS2, Cloud.PROVISION));
    assertFalse(acl.hasPermission2(Jenkins.ANONYMOUS2, Jenkins.ADMINISTER));
    // PROVISION must be registered as its own permission in the Computer group
    assertEquals(Cloud.PROVISION, Computer.PERMISSIONS.find("Provision"));
}
Also used: SidACL (hudson.security.SidACL), Permission (hudson.security.Permission), Sid (org.acegisecurity.acls.sid.Sid), Issue (org.jvnet.hudson.test.Issue), Test (org.junit.Test), WithoutJenkins (org.jvnet.hudson.test.WithoutJenkins)
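The test above checks that a grant of Cloud.PROVISION does not leak into Jenkins.ADMINISTER. The following is an added example, not Jenkins code: a self-contained model of the implication chain the test guards. It assumes the shape of Jenkins' Permission (each permission may name one impliedBy parent, and a grant of the parent covers the child, never the reverse; Cloud.PROVISION is taken to be implied by ADMINISTER). Perm, Grants, hasPermission and the two grant tables are invented for this illustration.

```java
/**
 * Added example (not Jenkins code): one-directional permission implication.
 * Assumes Permission-style impliedBy links; Perm and Grants are invented here.
 */
public class ImpliedPermissionDemo {

    static final class Perm {
        final String name;
        final Perm impliedBy;
        Perm(String name, Perm impliedBy) {
            this.name = name;
            this.impliedBy = impliedBy;
        }
    }

    static final Perm ADMINISTER = new Perm("Administer", null);
    /** Assumed shape of Cloud.PROVISION: implied by Administer, not the other way round. */
    static final Perm PROVISION = new Perm("Provision", ADMINISTER);

    /** Like SidACL.hasPermission(Sid, Permission): TRUE/FALSE is a decision, null is "no opinion". */
    interface Grants {
        Boolean decide(String sid, Perm p);
    }

    /** Walk up the impliedBy chain until some level has an opinion; no opinion at all means deny. */
    static boolean hasPermission(Grants grants, String sid, Perm p) {
        for (Perm cur = p; cur != null; cur = cur.impliedBy) {
            Boolean b = grants.decide(sid, cur);
            if (b != null) {
                return b;
            }
        }
        return false;
    }

    static void check(boolean cond, String what) {
        if (!cond) {
            throw new AssertionError(what);
        }
    }

    public static void main(String[] args) {
        // Grants only Provision and explicitly denies the rest: the shape of the test's SidACL
        Grants onlyProvision = (sid, p) -> p == PROVISION;
        check(hasPermission(onlyProvision, "anonymous", PROVISION), "Provision granted");
        check(!hasPermission(onlyProvision, "anonymous", ADMINISTER), "Provision must not imply Administer");

        // Grants only Administer and has no opinion on the rest, so the chain walk applies
        Grants onlyAdmin = (sid, p) -> p == ADMINISTER ? Boolean.TRUE : null;
        check(hasPermission(onlyAdmin, "anonymous", PROVISION), "Administer implies Provision");
        check(!hasPermission(onlyAdmin, "anonymous", new Perm("Other", null)), "unrelated permission denied");
        System.out.println("all implication checks passed");
    }
}
```

The first table mirrors the test: because hasPermission returns FALSE rather than null for ADMINISTER, the chain walk never gets a chance to turn a PROVISION grant into something broader. The second table shows the direction that is supposed to work, an ADMINISTER grant covering PROVISION.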

Example 3 with Sid

Use of org.acegisecurity.acls.sid.Sid in project TNTConcept by autentia: class DefaultAclService, method addAclLevel.

import java.util.Map;
import java.util.Objects;
import org.acegisecurity.acls.sid.PrincipalSid;
import org.acegisecurity.acls.sid.Sid;
import com.autentia.tnt.manager.security.Principal;

/**
 * Insert, into the ACL being built for the current principal, a granting ACE for
 * perm when the matrix level configured for (type, role) allows it. Only granting
 * ACEs are ever inserted: a level that inserts nothing leaves no matching ACE, so
 * the later isGranted() check fails closed.
 */
private void addAclLevel(Map<AclMatrixKey, AclMatrixValue> matrix, AclImpl acl, Class<?> type, ITransferObject dto, Permission perm) {
    Principal principal = SpringUtils.getPrincipal();
    Sid sid = new PrincipalSid(principal.getUsername());
    AclMatrixKey key = new AclMatrixKey(type, principal.getRoleId());
    AclMatrixValue level = matrix.get(key);
    if (log.isDebugEnabled()) {
        log.debug("addAclLevel -" + " permission=[" + perm.getPattern() + "]" + " type=" + type.getSimpleName() + " id=" + dto.getId() + " ownerId=" + dto.getOwnerId() + " departmentId=" + dto.getDepartmentId() + " userId=" + principal.getId() + " roleId=" + principal.getRoleId() + " level=" + level);
    }
    if (level == null) {
        throw new UnsupportedOperationException("Write permission level for " + key + " not defined");
    }
    switch (level) {
        case ALL:
            acl.insertAce(null, perm, sid, true);
            break;
        case OWN:
            if (isIgnoreUnownedObjects() && (dto.getOwnerId() == null)) {
                acl.insertAce(null, perm, sid, true);
                log.warn("addAclLevel - allowing permission [" + perm.getPattern() + "] on object " + type.getSimpleName() + "[" + dto.getId() + "] " + "because it is not owned by any user and ignoreUnownedObjects=true in DefaultAclService");
            } else if (Objects.equals(dto.getOwnerId(), principal.getId())) {
                // getOwnerId() is a boxed id (it is null-checked above), so compare with
                // equals(): == on two boxed values is reference identity and only holds by
                // accident inside the Integer cache. Assumes both ids box to the same type.
                acl.insertAce(null, perm, sid, true);
            }
            break;
        case AREA:
            if (isIgnoreUnownedObjects() && (dto.getDepartmentId() == null)) {
                acl.insertAce(null, perm, sid, true);
                log.warn("addAclLevel - allowing permission [" + perm.getPattern() + "] on object " + type.getSimpleName() + "[" + dto.getId() + "] " + "because it is not owned by any department and ignoreUnownedObjects=true in DefaultAclService");
            } else if (Objects.equals(dto.getDepartmentId(), principal.getDepartmentId())) {
                acl.insertAce(null, perm, sid, true);
            }
            break;
        case DENY:
            // No ACE inserted: the permission check will deny
            break;
        case OWNERS:
            if (dto.getOwnersId() != null && dto.getOwnersId().contains(principal.getId())) {
                acl.insertAce(null, perm, sid, true);
            }
            break;
        default:
            throw new UnsupportedOperationException("AclMatrixValue(" + level + ") not supported by write permission in addAclLevel()");
    }
}
Also used: PrincipalSid (org.acegisecurity.acls.sid.PrincipalSid), Principal (com.autentia.tnt.manager.security.Principal), Sid (org.acegisecurity.acls.sid.Sid)
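Examples 1 and 3 are two halves of one decision: addAclLevel inserts granting ACEs for the calling principal according to the matrix level, and isAclPermissionGranted later asks the ACL and treats "no ACL" and "no matching ACE" as denial. The following is an added example, not Acegi, TNTConcept or Jenkins code: an in-memory model of both halves that runs without the Acegi library. MiniAcl, MiniAce, AclNotFound, Level and the sample ids are invented here; AclNotFound stands in for org.acegisecurity.acls.NotFoundException, and a null ACL stands in for readAclById() throwing it.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;

/**
 * Added example (not Acegi/TNTConcept code): fail-closed ACL evaluation plus
 * per-principal ACE insertion. All class names and ids are invented here.
 */
public class AclDecisionDemo {

    /** Permission bits, in the spirit of Acegi's BasePermission masks. */
    static final int READ = 1, WRITE = 2;

    /** Stand-in for org.acegisecurity.acls.NotFoundException. */
    static class AclNotFound extends RuntimeException {
        AclNotFound(String msg) { super(msg); }
    }

    static class MiniAce {
        final String sid;
        final int permission;
        final boolean granting;
        MiniAce(String sid, int permission, boolean granting) {
            this.sid = sid;
            this.permission = permission;
            this.granting = granting;
        }
    }

    static class MiniAcl {
        private final List<MiniAce> aces = new ArrayList<>();

        void insertAce(int permission, String sid, boolean granting) {
            aces.add(new MiniAce(sid, permission, granting));
        }

        /** First ACE matching the permission and one of the caller's SIDs decides;
         *  no matching ACE at all is an exception, not a "false". */
        boolean isGranted(int permission, Set<String> sids) {
            for (MiniAce ace : aces) {
                if (ace.permission == permission && sids.contains(ace.sid)) {
                    return ace.granting;
                }
            }
            throw new AclNotFound("no ACE for permission " + permission + " and sids " + sids);
        }
    }

    /** Mirrors SpringUtils.isAclPermissionGranted: both failure paths become "denied". */
    static boolean isAclPermissionGranted(MiniAcl acl, int permission, Set<String> sids) {
        if (acl == null) {
            return false; // readAclById() found no ACL for the object
        }
        try {
            return acl.isGranted(permission, sids);
        } catch (AclNotFound nfe) {
            return false;
        }
    }

    enum Level { ALL, OWN, AREA, OWNERS, DENY }

    /** Mirrors the level branches of DefaultAclService.addAclLevel for one principal.
     *  Ids are boxed, so they are compared with equals(), never with ==. */
    static void addAclLevel(MiniAcl acl, Level level, int permission, String sid,
                            Integer principalId, Integer principalDeptId,
                            Integer ownerId, Integer deptId, Set<Integer> ownersIds) {
        switch (level) {
            case ALL:
                acl.insertAce(permission, sid, true);
                break;
            case OWN:
                if (Objects.equals(ownerId, principalId)) acl.insertAce(permission, sid, true);
                break;
            case AREA:
                if (Objects.equals(deptId, principalDeptId)) acl.insertAce(permission, sid, true);
                break;
            case OWNERS:
                if (ownersIds != null && ownersIds.contains(principalId)) acl.insertAce(permission, sid, true);
                break;
            case DENY:
                break; // no ACE: isGranted() throws and the caller denies
        }
    }

    static void check(boolean cond, String what) {
        if (!cond) throw new AssertionError(what);
    }

    public static void main(String[] args) {
        Set<String> sids = new HashSet<>(Arrays.asList("alice", "ROLE_USER"));
        // Sample ids chosen outside the default Integer cache (-128..127): two boxed
        // 1000s are distinct objects, so == on them would wrongly say "not the owner".
        Integer principalId = Integer.valueOf(1000);
        Integer ownerId = Integer.valueOf(1000);

        MiniAcl own = new MiniAcl();
        addAclLevel(own, Level.OWN, WRITE, "alice", principalId, 7, ownerId, 7, null);
        check(isAclPermissionGranted(own, WRITE, sids), "owner may write");
        check(!isAclPermissionGranted(own, READ, sids), "no READ ACE: NotFound -> denied");
        check(!isAclPermissionGranted(null, WRITE, sids), "no ACL for the object: denied");

        MiniAcl deny = new MiniAcl();
        addAclLevel(deny, Level.DENY, WRITE, "alice", principalId, 7, ownerId, 7, null);
        check(!isAclPermissionGranted(deny, WRITE, sids), "DENY level inserts nothing");

        MiniAcl unowned = new MiniAcl();
        addAclLevel(unowned, Level.OWN, WRITE, "alice", principalId, 7, null, 7, null);
        check(!isAclPermissionGranted(unowned, WRITE, sids), "unowned object without ignoreUnowned: denied");
        System.out.println("all ACL decision checks passed");
    }
}
```

Run it with `javac AclDecisionDemo.java && java AclDecisionDemo`; every check throws AssertionError if the decision deviates. The point worth keeping from the model is that denial never depends on a DENY ACE being present: absence of a granting ACE, absence of an ACL, and the DENY matrix level all end in the same NotFound-then-false path.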

Aggregations (class, number of examples on this page using it):

Sid (org.acegisecurity.acls.sid.Sid): 3
Principal (com.autentia.tnt.manager.security.Principal): 1
Permission (hudson.security.Permission): 1
SidACL (hudson.security.SidACL): 1
Acl (org.acegisecurity.acls.Acl): 1
NotFoundException (org.acegisecurity.acls.NotFoundException): 1
ObjectIdentity (org.acegisecurity.acls.objectidentity.ObjectIdentity): 1
PrincipalSid (org.acegisecurity.acls.sid.PrincipalSid): 1
Test (org.junit.Test): 1
Issue (org.jvnet.hudson.test.Issue): 1
WithoutJenkins (org.jvnet.hudson.test.WithoutJenkins): 1