use of org.alfresco.repo.security.permissions.AccessControlEntry in project records-management by Alfresco.
the class ExtendedPermissionServiceImpl method getWriters.
/**
* @see org.alfresco.repo.security.permissions.impl.ExtendedPermissionService#getWriters(java.lang.Long)
*/
@Override
public Set<String> getWriters(Long aclId) {
AccessControlList acl = aclDaoComponent.getAccessControlList(aclId);
if (acl == null) {
return Collections.emptySet();
}
Set<String> aclWriters = writersCache.get((Serializable) acl.getProperties());
if (aclWriters != null) {
return aclWriters;
}
HashSet<String> assigned = new HashSet<String>();
HashSet<String> readers = new HashSet<String>();
for (AccessControlEntry ace : acl.getEntries()) {
assigned.add(ace.getAuthority());
}
for (String authority : assigned) {
UnconditionalAclTest test = new UnconditionalAclTest(getPermissionReference(PermissionService.WRITE));
if (test.evaluate(authority, aclId)) {
readers.add(authority);
}
}
aclWriters = Collections.unmodifiableSet(readers);
writersCache.put((Serializable) acl.getProperties(), aclWriters);
return aclWriters;
}
use of org.alfresco.repo.security.permissions.AccessControlEntry in project alfresco-repository by Alfresco.
the class PermissionServiceImpl method getReadersDenied.
/**
* @param aclId Long
* @return set of authorities denied permission on the ACL
*/
@Override
@Extend(traitAPI = PermissionServiceTrait.class, extensionAPI = PermissionServiceExtension.class)
public Set<String> getReadersDenied(Long aclId) {
AccessControlList acl = aclDaoComponent.getAccessControlList(aclId);
if (acl == null) {
return Collections.emptySet();
}
Set<String> denied = readersDeniedCache.get(aclId);
if (denied != null) {
return denied;
}
denied = new HashSet<String>();
Set<String> assigned = new HashSet<String>();
for (AccessControlEntry ace : acl.getEntries()) {
assigned.add(ace.getAuthority());
}
for (String authority : assigned) {
UnconditionalDeniedAclTest test = new UnconditionalDeniedAclTest(getPermissionReference(PermissionService.READ));
if (test.evaluate(authority, aclId)) {
denied.add(authority);
}
}
readersDeniedCache.put((Serializable) acl.getProperties(), denied);
return denied;
}
use of org.alfresco.repo.security.permissions.AccessControlEntry in project alfresco-repository by Alfresco.
the class AclDAOImpl method getCopy.
private Long getCopy(Long toCopy, Long toInheritFrom, ACLCopyMode mode) {
AclUpdateEntity aclToCopy;
Long inheritedId;
Acl aclToInheritFrom;
switch(mode) {
case INHERIT:
if (toCopy.equals(toInheritFrom)) {
return getInheritedAccessControlList(toCopy);
} else {
throw new UnsupportedOperationException();
}
case COW:
aclToCopy = aclCrudDAO.getAclForUpdate(toCopy);
aclToCopy.setRequiresVersion(true);
aclToCopy.setAclChangeSetId(getCurrentChangeSetId());
aclCrudDAO.updateAcl(aclToCopy);
inheritedId = getInheritedAccessControlList(toCopy);
if ((inheritedId != null) && (!inheritedId.equals(toCopy))) {
AclUpdateEntity inheritedAcl = aclCrudDAO.getAclForUpdate(inheritedId);
inheritedAcl.setRequiresVersion(true);
inheritedAcl.setAclChangeSetId(getCurrentChangeSetId());
aclCrudDAO.updateAcl(inheritedAcl);
}
return toCopy;
case REDIRECT:
if ((toInheritFrom != null) && (toInheritFrom.equals(toCopy))) {
return getInheritedAccessControlList(toInheritFrom);
}
aclToCopy = aclCrudDAO.getAclForUpdate(toCopy);
aclToInheritFrom = null;
if (toInheritFrom != null) {
aclToInheritFrom = aclCrudDAO.getAcl(toInheritFrom);
}
switch(aclToCopy.getAclType()) {
case DEFINING:
// So this needs to make a copy in the same way layered does
case LAYERED:
if (toInheritFrom == null) {
return toCopy;
}
// manages cache clearing beneath
List<AclChange> changes = mergeInheritedAccessControlList(toInheritFrom, toCopy);
for (AclChange change : changes) {
if (change.getBefore().equals(toCopy)) {
return change.getAfter();
}
}
throw new UnsupportedOperationException();
case SHARED:
if (aclToInheritFrom != null) {
return getInheritedAccessControlList(toInheritFrom);
} else {
throw new UnsupportedOperationException();
}
case FIXED:
case GLOBAL:
case OLD:
return toCopy;
default:
throw new UnsupportedOperationException();
}
case COPY:
aclToCopy = aclCrudDAO.getAclForUpdate(toCopy);
aclToInheritFrom = null;
if (toInheritFrom != null) {
aclToInheritFrom = aclCrudDAO.getAcl(toInheritFrom);
}
switch(aclToCopy.getAclType()) {
case DEFINING:
SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
properties.setAclType(ACLType.DEFINING);
properties.setInherits(aclToCopy.getInherits());
properties.setVersioned(true);
Long id = createAccessControlList(properties).getId();
AccessControlList indirectAcl = getAccessControlList(toCopy);
for (AccessControlEntry entry : indirectAcl.getEntries()) {
if (entry.getPosition() == 0) {
setAccessControlEntry(id, entry);
}
}
if (aclToInheritFrom != null) {
mergeInheritedAccessControlList(toInheritFrom, id);
}
return id;
case SHARED:
if (aclToInheritFrom != null) {
return getInheritedAccessControlList(toInheritFrom);
} else {
return null;
}
case FIXED:
case GLOBAL:
case LAYERED:
case OLD:
return toCopy;
default:
throw new UnsupportedOperationException();
}
default:
throw new UnsupportedOperationException();
}
}
use of org.alfresco.repo.security.permissions.AccessControlEntry in project alfresco-repository by Alfresco.
the class AclDAOImpl method getAccessControlList.
/**
* {@inheritDoc}
*/
@Override
public AccessControlList getAccessControlList(Long id) {
// Used the cached properties as our cache key
AccessControlListProperties properties = getAccessControlListProperties(id);
if (properties == null) {
return null;
}
AccessControlList aclCached = aclCache.get((Serializable) properties);
if (aclCached != null) {
return aclCached;
}
SimpleAccessControlList acl = new SimpleAccessControlList();
acl.setProperties(properties);
List<Map<String, Object>> results = aclCrudDAO.getAcesAndAuthoritiesByAcl(id);
List<AccessControlEntry> entries = new ArrayList<AccessControlEntry>(results.size());
for (Map<String, Object> result : results) // for (AclMemberEntity member : members)
{
Boolean aceIsAllowed = (Boolean) result.get("allowed");
Integer aceType = (Integer) result.get("applies");
String authority = (String) result.get("authority");
Long permissionId = (Long) result.get("permissionId");
Integer position = (Integer) result.get("pos");
// Long result_aclmemId = (Long) result.get("aclmemId"); // not used here
SimpleAccessControlEntry sacEntry = new SimpleAccessControlEntry();
sacEntry.setAccessStatus(aceIsAllowed ? AccessStatus.ALLOWED : AccessStatus.DENIED);
sacEntry.setAceType(ACEType.getACETypeFromId(aceType));
sacEntry.setAuthority(authority);
// if (entry.getContext() != null)
// {
// SimpleAccessControlEntryContext context = new SimpleAccessControlEntryContext();
// context.setClassContext(entry.getContext().getClassContext());
// context.setKVPContext(entry.getContext().getKvpContext());
// context.setPropertyContext(entry.getContext().getPropertyContext());
// sacEntry.setContext(context);
// }
Permission perm = aclCrudDAO.getPermission(permissionId);
// Has an ID so must exist
QName permTypeQName = qnameDAO.getQName(perm.getTypeQNameId()).getSecond();
SimplePermissionReference permissionRefernce = SimplePermissionReference.getPermissionReference(permTypeQName, perm.getName());
sacEntry.setPermission(permissionRefernce);
sacEntry.setPosition(position);
entries.add(sacEntry);
}
Collections.sort(entries);
acl.setEntries(entries);
// Cache it for next time
aclCache.put((Serializable) properties, acl);
return acl;
}
use of org.alfresco.repo.security.permissions.AccessControlEntry in project alfresco-repository by Alfresco.
the class AbstractPermissionsDaoComponentImpl method createSimpleNodePermissionEntry.
private SimpleNodePermissionEntry createSimpleNodePermissionEntry(StoreRef storeRef) {
Acl acl = getACLDAO(storeRef).getAccessControlList(storeRef);
if (acl == null) {
// there isn't an access control list for the node - spoof a null one
SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(null, true, Collections.<SimplePermissionEntry>emptyList());
return snpe;
} else {
AccessControlList info = aclDaoComponent.getAccessControlList(acl.getId());
ArrayList<SimplePermissionEntry> spes = new ArrayList<SimplePermissionEntry>(info.getEntries().size());
for (AccessControlEntry entry : info.getEntries()) {
SimplePermissionEntry spe = new SimplePermissionEntry(null, entry.getPermission(), entry.getAuthority(), entry.getAccessStatus(), entry.getPosition());
spes.add(spe);
}
SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(null, acl.getInherits(), spes);
return snpe;
}
}
Aggregations