
Example 1 with AccessControlEntry

use of org.alfresco.repo.security.permissions.AccessControlEntry in project records-management by Alfresco.

the class ExtendedPermissionServiceImpl method getWriters.

/**
 * @see org.alfresco.repo.security.permissions.impl.ExtendedPermissionService#getWriters(java.lang.Long)
 */
@Override
public Set<String> getWriters(Long aclId) {
    // Resolve the ACL first; an id with no ACL yields an immutable empty set.
    final AccessControlList accessControlList = aclDaoComponent.getAccessControlList(aclId);
    if (accessControlList == null) {
        return Collections.emptySet();
    }

    // Results are cached under the ACL's properties object, not under the raw id.
    Set<String> cachedWriters = writersCache.get((Serializable) accessControlList.getProperties());
    if (cachedWriters != null) {
        return cachedWriters;
    }

    // Gather each distinct authority named by any entry of the ACL.
    Set<String> authorities = new HashSet<String>();
    for (AccessControlEntry entry : accessControlList.getEntries()) {
        authorities.add(entry.getAuthority());
    }

    // Keep only the authorities for which the WRITE test evaluates to true.
    Set<String> writers = new HashSet<String>();
    for (String candidate : authorities) {
        UnconditionalAclTest writeTest = new UnconditionalAclTest(getPermissionReference(PermissionService.WRITE));
        if (writeTest.evaluate(candidate, aclId)) {
            writers.add(candidate);
        }
    }

    // The cached value is wrapped read-only, so a caller cannot alter the set that
    // later callers receive from the cache.
    Set<String> result = Collections.unmodifiableSet(writers);
    writersCache.put((Serializable) accessControlList.getProperties(), result);
    return result;
}
Also used : AccessControlList(org.alfresco.repo.security.permissions.AccessControlList) AccessControlEntry(org.alfresco.repo.security.permissions.AccessControlEntry) HashSet(java.util.HashSet)

Example 2 with AccessControlEntry

use of org.alfresco.repo.security.permissions.AccessControlEntry in project alfresco-repository by Alfresco.

the class PermissionServiceImpl method getReadersDenied.

/**
 * @param aclId Long
 * @return set of authorities denied permission on the ACL
 */
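@Override
@Extend(traitAPI = PermissionServiceTrait.class, extensionAPI = PermissionServiceExtension.class)
public Set<String> getReadersDenied(Long aclId) {
    // An id with no ACL yields an immutable empty set.
    AccessControlList acl = aclDaoComponent.getAccessControlList(aclId);
    if (acl == null) {
        return Collections.emptySet();
    }

    // Look up and store under the SAME key. The original read the cache with aclId
    // but wrote it with acl.getProperties(), so a value stored here could never be
    // found again by this method and the denied set was recomputed on every call.
    // NOTE(review): confirm that whatever invalidates readersDeniedCache also keys
    // on the ACL properties, now that lookups can actually hit.
    Serializable cacheKey = (Serializable) acl.getProperties();
    Set<String> denied = readersDeniedCache.get(cacheKey);
    if (denied != null) {
        return denied;
    }

    // Gather each distinct authority named by any entry of the ACL.
    Set<String> assigned = new HashSet<String>();
    for (AccessControlEntry ace : acl.getEntries()) {
        assigned.add(ace.getAuthority());
    }

    // Keep only the authorities for which the READ denial test evaluates to true.
    Set<String> deniedAuthorities = new HashSet<String>();
    for (String authority : assigned) {
        UnconditionalDeniedAclTest test = new UnconditionalDeniedAclTest(getPermissionReference(PermissionService.READ));
        if (test.evaluate(authority, aclId)) {
            deniedAuthorities.add(authority);
        }
    }

    // Cache and return a read-only view: the same instance is handed to every later
    // caller, so a mutable set would let one caller add or drop denials for all of
    // them. The no-ACL path above already returns an immutable set.
    denied = Collections.unmodifiableSet(deniedAuthorities);
    readersDeniedCache.put(cacheKey, denied);
    return denied;
}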
Also used : AccessControlList(org.alfresco.repo.security.permissions.AccessControlList) AccessControlEntry(org.alfresco.repo.security.permissions.AccessControlEntry) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet) Extend(org.alfresco.traitextender.Extend)

Example 3 with AccessControlEntry

use of org.alfresco.repo.security.permissions.AccessControlEntry in project alfresco-repository by Alfresco.

the class AclDAOImpl method getCopy.

/**
 * Resolves the ACL id that should be used in place of {@code toCopy}, according to
 * the requested copy mode. Depending on the mode and on the type of the ACL being
 * copied, this returns {@code toCopy} unchanged, the inherited ACL of one of the
 * arguments, the id of a newly created ACL, or {@code null}.
 *
 * @param toCopy        id of the ACL to copy; dereferenced without a null check in INHERIT mode
 * @param toInheritFrom id of the ACL to inherit from; null-checked in REDIRECT and COPY mode
 * @param mode          the copy mode to apply
 * @return the resulting ACL id; {@code null} only for COPY of a SHARED ACL with no
 *         {@code toInheritFrom} ACL, so callers have to handle a null result
 * @throws UnsupportedOperationException for mode/type combinations that are not handled
 */
private Long getCopy(Long toCopy, Long toInheritFrom, ACLCopyMode mode) {
    AclUpdateEntity aclToCopy;
    Long inheritedId;
    Acl aclToInheritFrom;
    switch(mode) {
        case INHERIT:
            // Only supported when both ids are the same ACL: hand back its inherited ACL.
            if (toCopy.equals(toInheritFrom)) {
                return getInheritedAccessControlList(toCopy);
            } else {
                throw new UnsupportedOperationException();
            }
        case COW:
            // No new ACL is created here: the existing ACL is flagged as requiring a
            // version and stamped with the current change set id, then written back.
            aclToCopy = aclCrudDAO.getAclForUpdate(toCopy);
            aclToCopy.setRequiresVersion(true);
            aclToCopy.setAclChangeSetId(getCurrentChangeSetId());
            aclCrudDAO.updateAcl(aclToCopy);
            inheritedId = getInheritedAccessControlList(toCopy);
            // Apply the same flag and stamp to the inherited ACL when it is a different ACL.
            if ((inheritedId != null) && (!inheritedId.equals(toCopy))) {
                AclUpdateEntity inheritedAcl = aclCrudDAO.getAclForUpdate(inheritedId);
                inheritedAcl.setRequiresVersion(true);
                inheritedAcl.setAclChangeSetId(getCurrentChangeSetId());
                aclCrudDAO.updateAcl(inheritedAcl);
            }
            return toCopy;
        case REDIRECT:
            // Same ACL on both sides: hand back its inherited ACL, as in INHERIT mode.
            if ((toInheritFrom != null) && (toInheritFrom.equals(toCopy))) {
                return getInheritedAccessControlList(toInheritFrom);
            }
            aclToCopy = aclCrudDAO.getAclForUpdate(toCopy);
            aclToInheritFrom = null;
            if (toInheritFrom != null) {
                aclToInheritFrom = aclCrudDAO.getAcl(toInheritFrom);
            }
            switch(aclToCopy.getAclType()) {
                case DEFINING:
                // DEFINING deliberately falls through and is handled the same way as LAYERED
                case LAYERED:
                    if (toInheritFrom == null) {
                        return toCopy;
                    }
                    // manages cache clearing beneath
                    List<AclChange> changes = mergeInheritedAccessControlList(toInheritFrom, toCopy);
                    // The result is the "after" id of the change whose "before" id is toCopy.
                    for (AclChange change : changes) {
                        if (change.getBefore().equals(toCopy)) {
                            return change.getAfter();
                        }
                    }
                    // The merge reported no change for toCopy.
                    throw new UnsupportedOperationException();
                case SHARED:
                    // Unlike COPY mode below, a SHARED ACL with nothing to inherit from is an error here.
                    if (aclToInheritFrom != null) {
                        return getInheritedAccessControlList(toInheritFrom);
                    } else {
                        throw new UnsupportedOperationException();
                    }
                case FIXED:
                case GLOBAL:
                case OLD:
                    // These types are returned unchanged.
                    return toCopy;
                default:
                    throw new UnsupportedOperationException();
            }
        case COPY:
            aclToCopy = aclCrudDAO.getAclForUpdate(toCopy);
            aclToInheritFrom = null;
            if (toInheritFrom != null) {
                aclToInheritFrom = aclCrudDAO.getAcl(toInheritFrom);
            }
            switch(aclToCopy.getAclType()) {
                case DEFINING:
                    // Create a new versioned DEFINING ACL carrying over the source's inherits flag.
                    SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
                    properties.setAclType(ACLType.DEFINING);
                    properties.setInherits(aclToCopy.getInherits());
                    properties.setVersioned(true);
                    Long id = createAccessControlList(properties).getId();
                    AccessControlList indirectAcl = getAccessControlList(toCopy);
                    // Only entries at position 0 are copied onto the new ACL.
                    // NOTE(review): presumably position 0 marks entries set directly on this
                    // ACL rather than inherited ones; confirm against the ACL model.
                    for (AccessControlEntry entry : indirectAcl.getEntries()) {
                        if (entry.getPosition() == 0) {
                            setAccessControlEntry(id, entry);
                        }
                    }
                    if (aclToInheritFrom != null) {
                        mergeInheritedAccessControlList(toInheritFrom, id);
                    }
                    return id;
                case SHARED:
                    // Returns null, rather than throwing as REDIRECT mode does, when
                    // there is nothing to inherit from.
                    if (aclToInheritFrom != null) {
                        return getInheritedAccessControlList(toInheritFrom);
                    } else {
                        return null;
                    }
                case FIXED:
                case GLOBAL:
                case LAYERED:
                case OLD:
                    // These types are returned unchanged (LAYERED included, unlike REDIRECT mode).
                    return toCopy;
                default:
                    throw new UnsupportedOperationException();
            }
        default:
            throw new UnsupportedOperationException();
    }
}
Also used : AccessControlList(org.alfresco.repo.security.permissions.AccessControlList) SimpleAccessControlList(org.alfresco.repo.security.permissions.SimpleAccessControlList) SimpleAccessControlEntry(org.alfresco.repo.security.permissions.SimpleAccessControlEntry) AccessControlEntry(org.alfresco.repo.security.permissions.AccessControlEntry) AclChange(org.alfresco.repo.security.permissions.impl.AclChange) SimpleAccessControlListProperties(org.alfresco.repo.security.permissions.SimpleAccessControlListProperties)

Example 4 with AccessControlEntry

use of org.alfresco.repo.security.permissions.AccessControlEntry in project alfresco-repository by Alfresco.

the class AclDAOImpl method getAccessControlList.

/**
 * {@inheritDoc}
 */
@Override
public AccessControlList getAccessControlList(Long id) {
    // The ACL's properties object doubles as the cache key; no properties means no ACL.
    AccessControlListProperties aclProperties = getAccessControlListProperties(id);
    if (aclProperties == null) {
        return null;
    }

    // NOTE(review): on a hit the cached instance itself is returned to the caller;
    // presumably callers treat it as read-only. Confirm before mutating a result.
    AccessControlList cachedAcl = aclCache.get((Serializable) aclProperties);
    if (cachedAcl != null) {
        return cachedAcl;
    }

    SimpleAccessControlList freshAcl = new SimpleAccessControlList();
    freshAcl.setProperties(aclProperties);

    List<Map<String, Object>> rows = aclCrudDAO.getAcesAndAuthoritiesByAcl(id);
    List<AccessControlEntry> aceList = new ArrayList<AccessControlEntry>(rows.size());
    for (Map<String, Object> row : rows) {
        // Column values for one entry; the "aclmemId" column is not read here.
        Boolean allowed = (Boolean) row.get("allowed");
        Integer appliesId = (Integer) row.get("applies");
        String authorityName = (String) row.get("authority");
        Long permId = (Long) row.get("permissionId");
        Integer pos = (Integer) row.get("pos");

        SimpleAccessControlEntry ace = new SimpleAccessControlEntry();
        // A null "allowed" value fails on unboxing here; it is never mapped to
        // either ALLOWED or DENIED.
        AccessStatus status;
        if (allowed) {
            status = AccessStatus.ALLOWED;
        } else {
            status = AccessStatus.DENIED;
        }
        ace.setAccessStatus(status);
        ace.setAceType(ACEType.getACETypeFromId(appliesId));
        ace.setAuthority(authorityName);
        // No entry context is populated on the entry.

        // The row carries a permission id, so the permission is expected to exist.
        Permission permission = aclCrudDAO.getPermission(permId);
        QName typeQName = qnameDAO.getQName(permission.getTypeQNameId()).getSecond();
        SimplePermissionReference permissionReference = SimplePermissionReference.getPermissionReference(typeQName, permission.getName());
        ace.setPermission(permissionReference);
        ace.setPosition(pos);
        aceList.add(ace);
    }

    // Entries are stored in their natural order.
    Collections.sort(aceList);
    freshAcl.setEntries(aceList);

    // Remember the assembled ACL for subsequent lookups.
    aclCache.put((Serializable) aclProperties, freshAcl);
    return freshAcl;
}
Also used : AccessControlList(org.alfresco.repo.security.permissions.AccessControlList) SimpleAccessControlList(org.alfresco.repo.security.permissions.SimpleAccessControlList) SimpleAccessControlList(org.alfresco.repo.security.permissions.SimpleAccessControlList) QName(org.alfresco.service.namespace.QName) ArrayList(java.util.ArrayList) AccessControlListProperties(org.alfresco.repo.security.permissions.AccessControlListProperties) SimpleAccessControlListProperties(org.alfresco.repo.security.permissions.SimpleAccessControlListProperties) SimpleAccessControlEntry(org.alfresco.repo.security.permissions.SimpleAccessControlEntry) AccessControlEntry(org.alfresco.repo.security.permissions.AccessControlEntry) SimpleAccessControlEntry(org.alfresco.repo.security.permissions.SimpleAccessControlEntry) SimplePermissionReference(org.alfresco.repo.security.permissions.impl.SimplePermissionReference) Map(java.util.Map)

Example 5 with AccessControlEntry

use of org.alfresco.repo.security.permissions.AccessControlEntry in project alfresco-repository by Alfresco.

the class AbstractPermissionsDaoComponentImpl method createSimpleNodePermissionEntry.

/**
 * Builds the permission entry for a store from the store's ACL.
 *
 * @param storeRef the store whose ACL is read
 * @return an entry holding one permission entry per ACL entry, or an entry with no
 *         permission entries when the store has no ACL
 */
private SimpleNodePermissionEntry createSimpleNodePermissionEntry(StoreRef storeRef) {
    Acl storeAcl = getACLDAO(storeRef).getAccessControlList(storeRef);
    if (storeAcl == null) {
        // No ACL for the store: return a stand-in with no entries. The literal true
        // sits where the ACL branch passes getInherits(), so the stand-in is marked
        // as inheriting.
        return new SimpleNodePermissionEntry(null, true, Collections.<SimplePermissionEntry>emptyList());
    }

    // NOTE(review): resolved is dereferenced without a null check; confirm that the
    // DAO cannot return null for an id that was just read from an existing Acl.
    AccessControlList resolved = aclDaoComponent.getAccessControlList(storeAcl.getId());
    ArrayList<SimplePermissionEntry> permissionEntries = new ArrayList<SimplePermissionEntry>(resolved.getEntries().size());
    for (AccessControlEntry ace : resolved.getEntries()) {
        // Permission, authority, access status and position are carried over as-is.
        permissionEntries.add(new SimplePermissionEntry(null, ace.getPermission(), ace.getAuthority(), ace.getAccessStatus(), ace.getPosition()));
    }
    return new SimpleNodePermissionEntry(null, storeAcl.getInherits(), permissionEntries);
}
Also used : AccessControlList(org.alfresco.repo.security.permissions.AccessControlList) SimpleNodePermissionEntry(org.alfresco.repo.security.permissions.impl.SimpleNodePermissionEntry) ArrayList(java.util.ArrayList) SimplePermissionEntry(org.alfresco.repo.security.permissions.impl.SimplePermissionEntry) SimpleAccessControlEntry(org.alfresco.repo.security.permissions.SimpleAccessControlEntry) AccessControlEntry(org.alfresco.repo.security.permissions.AccessControlEntry)
