
Example 11 with AccessControlEntry

use of org.alfresco.repo.security.permissions.AccessControlEntry in project alfresco-repository by Alfresco.

the class AclDAOImpl method createAccessControlList.

/**
 * {@inheritDoc}
 * <p>
 * Builds a new {@code AclEntity} from {@code properties}, persists it through {@code aclCrudDAO},
 * resolves each supplied entry to a stored {@code Ace}, and hands the result to {@code getWritable}
 * in {@code WriteMode.CREATE_AND_INHERIT}. The ACL is then re-read with {@code getAcl} and returned.
 * <p>
 * Defaults applied here: the ACL id comes from {@code properties.getAclId()} or a generated GUID;
 * the version is 1; {@code latest} is TRUE; {@code requiresVersion} is false. As the code is written,
 * {@code inherits} for every ACL type is {@code properties.getInherits()}, or TRUE when that is null
 * (see the review note on the first switch). {@code versioned} is always FALSE for OLD, defaults to
 * TRUE for LAYERED, and defaults to FALSE for all other types.
 *
 * @param properties type, id, inheritance and versioning settings for the new ACL; must not be null
 * @param aces entries to attach to the new ACL; may be null or empty
 * @param inherited id passed to {@code getInheritedAccessControlList} to find the ACL to inherit
 *            from; may be null, in which case nothing is inherited
 * @return the newly created ACL as returned by {@code getAcl}
 * @throws IllegalArgumentException if {@code properties} is null, or an entry has a non-null,
 *             non-zero position
 * @throws UnsupportedOperationException if an entry carries a non-null context
 */
@Override
public Acl createAccessControlList(AccessControlListProperties properties, List<AccessControlEntry> aces, Long inherited) {
    if (properties == null) {
        throw new IllegalArgumentException("Properties cannot be null");
    }
    AclEntity acl = new AclEntity();
    // Honour a caller-supplied ACL id, otherwise mint a fresh GUID.
    if (properties.getAclId() != null) {
        acl.setAclId(properties.getAclId());
    } else {
        acl.setAclId(GUID.generate());
    }
    acl.setAclType(properties.getAclType());
    acl.setAclVersion(Long.valueOf(1l));
    // Inheritance flag.
    switch(properties.getAclType()) {
        case FIXED:
        case GLOBAL:
            acl.setInherits(Boolean.FALSE);
            // NOTE(review): there is no break here, so control falls through to the default branch
            // and the FALSE set above is always overwritten. A FIXED or GLOBAL ACL therefore inherits
            // unless properties.getInherits() is explicitly FALSE. If these types are meant never to
            // inherit, this is a missing break; confirm the intended semantics before changing it,
            // since it affects which permissions apply.
        case OLD:
        case SHARED:
        case DEFINING:
        case LAYERED:
        default:
            if (properties.getInherits() != null) {
                acl.setInherits(properties.getInherits());
            } else {
                acl.setInherits(Boolean.TRUE);
            }
            break;
    }
    acl.setLatest(Boolean.TRUE);
    // Versioned flag: OLD is never versioned, LAYERED defaults to versioned, the rest default to not.
    switch(properties.getAclType()) {
        case OLD:
            acl.setVersioned(Boolean.FALSE);
            break;
        case LAYERED:
            if (properties.isVersioned() != null) {
                acl.setVersioned(properties.isVersioned());
            } else {
                acl.setVersioned(Boolean.TRUE);
            }
            break;
        case FIXED:
        case GLOBAL:
        case SHARED:
        case DEFINING:
        default:
            if (properties.isVersioned() != null) {
                acl.setVersioned(properties.isVersioned());
            } else {
                acl.setVersioned(Boolean.FALSE);
            }
            break;
    }
    acl.setAclChangeSetId(getCurrentChangeSetId());
    acl.setRequiresVersion(false);
    // The ACL is persisted before any entry is validated. An exception thrown in the loop below
    // happens after this call (presumably undone by an enclosing transaction; confirm).
    Acl createdAcl = (AclEntity) aclCrudDAO.createAcl(acl);
    long created = createdAcl.getId();
    List<Ace> toAdd = new ArrayList<Ace>();
    List<AccessControlEntry> excluded = new ArrayList<AccessControlEntry>();
    // Passed to getWritable below; never read again in this method.
    List<AclChange> changes = new ArrayList<AclChange>();
    if ((aces != null) && aces.size() > 0) {
        for (AccessControlEntry ace : aces) {
            // Only entries with a null or zero position are accepted.
            if ((ace.getPosition() != null) && (ace.getPosition() != 0)) {
                throw new IllegalArgumentException("Invalid position");
            }
            // Find authority
            // NOTE(review): the authority and permission are resolved before the context check
            // below; the getOrCreate* names suggest rows may be created for an entry that is then
            // rejected. Confirm.
            Authority authority = aclCrudDAO.getOrCreateAuthority(ace.getAuthority());
            Permission permission = aclCrudDAO.getOrCreatePermission(ace.getPermission());
            // Find context
            // Entries with a context are rejected outright.
            if (ace.getContext() != null) {
                throw new UnsupportedOperationException();
            }
            // Find ACE
            Ace entry = aclCrudDAO.getOrCreateAce(permission, authority, ace.getAceType(), ace.getAccessStatus());
            // Wire up
            // COW and remove any existing matches
            SimpleAccessControlEntry exclude = new SimpleAccessControlEntry();
            // match any access status
            // (the access status is deliberately left unset on the exclusion pattern)
            exclude.setAceType(ace.getAceType());
            exclude.setAuthority(ace.getAuthority());
            exclude.setPermission(ace.getPermission());
            exclude.setPosition(0);
            toAdd.add(entry);
            excluded.add(exclude);
        // Will remove from the cache
        }
    }
    // Resolve the ACL to inherit from, if the caller named one.
    Long toInherit = null;
    if (inherited != null) {
        toInherit = getInheritedAccessControlList(inherited);
    }
    // toInherit is passed twice (second and fifth argument). What each parameter means is defined
    // by getWritable, which is not visible here.
    getWritable(created, toInherit, excluded, toAdd, toInherit, false, changes, WriteMode.CREATE_AND_INHERIT);
    // Fetch an up-to-date version
    return getAcl(created);
}
Also used : ArrayList(java.util.ArrayList) SimpleAccessControlEntry(org.alfresco.repo.security.permissions.SimpleAccessControlEntry) AccessControlEntry(org.alfresco.repo.security.permissions.AccessControlEntry) AclChange(org.alfresco.repo.security.permissions.impl.AclChange) SimpleAccessControlEntry(org.alfresco.repo.security.permissions.SimpleAccessControlEntry)

Example 12 with AccessControlEntry

use of org.alfresco.repo.security.permissions.AccessControlEntry in project alfresco-repository by Alfresco.

the class PermissionServiceImpl method getReaders.

/**
 * {@inheritDoc}
 * <p>
 * Returns the authorities named in the ACL's entries for which an {@code UnconditionalAclTest} on
 * {@code PermissionService.READ} evaluates to true. Only authorities that appear directly in
 * {@code acl.getEntries()} are tested. The result is an unmodifiable set cached in
 * {@code readersCache} under the ACL's properties, and a cache hit is returned without
 * re-evaluation.
 * <p>
 * NOTE(review): a cached reader set is only as fresh as the cache. Invalidation on ACL change is
 * not visible in this method; confirm it happens wherever ACLs are modified.
 *
 * @param aclId id of the ACL to inspect
 * @return an empty set when the ACL does not exist, otherwise the unmodifiable set of reader
 *         authorities
 */
@Override
@Extend(traitAPI = PermissionServiceTrait.class, extensionAPI = PermissionServiceExtension.class)
public Set<String> getReaders(Long aclId) {
    AccessControlList accessControlList = aclDaoComponent.getAccessControlList(aclId);
    if (accessControlList == null) {
        // Unknown ACL: nobody can read through it.
        return Collections.emptySet();
    }

    // Serve from the cache when this ACL has already been evaluated.
    Set<String> cachedReaders = readersCache.get((Serializable) accessControlList.getProperties());
    if (cachedReaders != null) {
        return cachedReaders;
    }

    // Step 1: collect the distinct authorities mentioned by the ACL's entries.
    Set<String> mentionedAuthorities = new HashSet<String>();
    for (AccessControlEntry entry : accessControlList.getEntries()) {
        mentionedAuthorities.add(entry.getAuthority());
    }

    // Step 2: keep those for which READ evaluates to true against this ACL.
    Set<String> grantedReaders = new HashSet<String>();
    for (String candidate : mentionedAuthorities) {
        UnconditionalAclTest readTest = new UnconditionalAclTest(getPermissionReference(PermissionService.READ));
        if (!readTest.evaluate(candidate, aclId)) {
            continue;
        }
        grantedReaders.add(candidate);
    }

    // Publish a read-only view so callers cannot alter the cached set.
    Set<String> result = Collections.unmodifiableSet(grantedReaders);
    readersCache.put((Serializable) accessControlList.getProperties(), result);
    return result;
}
Also used : AccessControlList(org.alfresco.repo.security.permissions.AccessControlList) AccessControlEntry(org.alfresco.repo.security.permissions.AccessControlEntry) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet) Extend(org.alfresco.traitextender.Extend)

Aggregations

AccessControlEntry (org.alfresco.repo.security.permissions.AccessControlEntry)12 AccessControlList (org.alfresco.repo.security.permissions.AccessControlList)10 HashSet (java.util.HashSet)5 SimpleAccessControlEntry (org.alfresco.repo.security.permissions.SimpleAccessControlEntry)5 ArrayList (java.util.ArrayList)4 LinkedHashSet (java.util.LinkedHashSet)2 SimpleAccessControlList (org.alfresco.repo.security.permissions.SimpleAccessControlList)2 SimpleAccessControlListProperties (org.alfresco.repo.security.permissions.SimpleAccessControlListProperties)2 AclChange (org.alfresco.repo.security.permissions.impl.AclChange)2 SimpleNodePermissionEntry (org.alfresco.repo.security.permissions.impl.SimpleNodePermissionEntry)2 SimplePermissionEntry (org.alfresco.repo.security.permissions.impl.SimplePermissionEntry)2 Extend (org.alfresco.traitextender.Extend)2 Map (java.util.Map)1 NodeIdAndAclId (org.alfresco.repo.domain.node.NodeIdAndAclId)1 Acl (org.alfresco.repo.domain.permissions.Acl)1 AuthenticationUtil (org.alfresco.repo.security.authentication.AuthenticationUtil)1 AccessControlListProperties (org.alfresco.repo.security.permissions.AccessControlListProperties)1 SimplePermissionReference (org.alfresco.repo.security.permissions.impl.SimplePermissionReference)1 ChildAssociationRef (org.alfresco.service.cmr.repository.ChildAssociationRef)1 QName (org.alfresco.service.namespace.QName)1