
Example 6 with AccessControlList

use of org.alfresco.repo.security.permissions.AccessControlList in project alfresco-repository by Alfresco.

the class AbstractPermissionsDaoComponentImpl method createSimpleNodePermissionEntry.

/**
 * Builds a detached {@link SimpleNodePermissionEntry} from the access control list of a store.
 * <p>
 * The result and every {@link SimplePermissionEntry} in it are created with a {@code null}
 * node reference, because the lookup is made by store rather than by node.
 *
 * @param storeRef the store whose access control list is read
 * @return when the store has no ACL, an entry with no permission entries and the inherit flag
 *         set to {@code true}; otherwise an entry holding one permission entry per access
 *         control entry, with the inherit flag taken from the ACL
 */
private SimpleNodePermissionEntry createSimpleNodePermissionEntry(StoreRef storeRef) {
    Acl storeAcl = getACLDAO(storeRef).getAccessControlList(storeRef);
    if (storeAcl == null) {
        // No ACL is recorded for the store: return a placeholder with no entries.
        return new SimpleNodePermissionEntry(null, true, Collections.<SimplePermissionEntry>emptyList());
    }

    // NOTE(review): the result of this lookup is dereferenced without a null check - confirm
    // the DAO cannot return null for an id that was just read from an existing Acl.
    AccessControlList aclDetails = aclDaoComponent.getAccessControlList(storeAcl.getId());
    ArrayList<SimplePermissionEntry> permissionEntries =
            new ArrayList<SimplePermissionEntry>(aclDetails.getEntries().size());
    for (AccessControlEntry ace : aclDetails.getEntries()) {
        // Copy the fields into a plain value object so the ACL entry itself is not handed out.
        permissionEntries.add(new SimplePermissionEntry(null, ace.getPermission(), ace.getAuthority(),
                ace.getAccessStatus(), ace.getPosition()));
    }
    return new SimpleNodePermissionEntry(null, storeAcl.getInherits(), permissionEntries);
}
Also used : AccessControlList(org.alfresco.repo.security.permissions.AccessControlList) SimpleNodePermissionEntry(org.alfresco.repo.security.permissions.impl.SimpleNodePermissionEntry) ArrayList(java.util.ArrayList) SimplePermissionEntry(org.alfresco.repo.security.permissions.impl.SimplePermissionEntry) SimpleAccessControlEntry(org.alfresco.repo.security.permissions.SimpleAccessControlEntry) AccessControlEntry(org.alfresco.repo.security.permissions.AccessControlEntry)

Example 7 with AccessControlList

use of org.alfresco.repo.security.permissions.AccessControlList in project alfresco-repository by Alfresco.

the class AbstractPermissionsDaoComponentImpl method createSimpleNodePermissionEntry.

// Utility methods to create simple detached objects for the outside world
// We do not pass out the hibernate objects
/**
 * Builds a detached {@link SimpleNodePermissionEntry} from the access control list of a node,
 * reusing the copy cached on the {@link AccessControlList} when one is present.
 *
 * @param nodeRef the node whose access control list is read
 * @return when the node has no ACL, an entry for {@code nodeRef} with no permission entries and
 *         the inherit flag set to {@code true}; otherwise the cached entry if there is one, or
 *         a newly built entry that is stored on the ACL before being returned
 */
private SimpleNodePermissionEntry createSimpleNodePermissionEntry(NodeRef nodeRef) {
    Acl nodeAcl = getACLDAO(nodeRef).getAccessControlList(nodeRef);
    if (nodeAcl == null) {
        // No ACL is recorded for the node: return a placeholder with no entries.
        return new SimpleNodePermissionEntry(nodeRef, true, Collections.<SimplePermissionEntry>emptyList());
    }

    AccessControlList aclDetails = aclDaoComponent.getAccessControlList(nodeAcl.getId());
    SimpleNodePermissionEntry fromCache = aclDetails.getCachedSimpleNodePermissionEntry();
    if (fromCache != null) {
        // NOTE(review): the cached entry was built with the nodeRef of whichever call populated
        // it. If one ACL id can be reached from several nodes, later callers get an entry that
        // carries the first node's reference - confirm callers do not rely on that reference.
        return fromCache;
    }

    ArrayList<SimplePermissionEntry> permissionEntries =
            new ArrayList<SimplePermissionEntry>(aclDetails.getEntries().size());
    for (AccessControlEntry ace : aclDetails.getEntries()) {
        // Copy the fields into a plain value object so the ACL entry itself is not handed out.
        permissionEntries.add(new SimplePermissionEntry(nodeRef, ace.getPermission(), ace.getAuthority(),
                ace.getAccessStatus(), ace.getPosition()));
    }
    SimpleNodePermissionEntry built = new SimpleNodePermissionEntry(nodeRef, nodeAcl.getInherits(), permissionEntries);
    // Store the result on the ACL object so the next lookup for this ACL skips the rebuild.
    aclDetails.setCachedSimpleNodePermissionEntry(built);
    return built;
}
Also used : AccessControlList(org.alfresco.repo.security.permissions.AccessControlList) SimpleNodePermissionEntry(org.alfresco.repo.security.permissions.impl.SimpleNodePermissionEntry) ArrayList(java.util.ArrayList) SimplePermissionEntry(org.alfresco.repo.security.permissions.impl.SimplePermissionEntry) SimpleAccessControlEntry(org.alfresco.repo.security.permissions.SimpleAccessControlEntry) AccessControlEntry(org.alfresco.repo.security.permissions.AccessControlEntry)

Example 8 with AccessControlList

use of org.alfresco.repo.security.permissions.AccessControlList in project alfresco-repository by Alfresco.

the class ADMAccessControlListDAO method fixOldDmAcls.

/**
 * Walks a node and its primary children, replacing ACLs of type {@code ACLType.OLD} with new
 * defining ACLs and pointing the children at the ACL they should inherit.
 * <p>
 * Per node: an ACL id equal to {@code inheritedAclId} is left alone; an {@code OLD} ACL is
 * recreated from the default properties plus the existing entries; a {@code SHARED} ACL is
 * left alone; any other ACL type ends the walk for this subtree; a node with no readable ACL
 * receives a new default ACL if it is a root and {@code inheritedAclId} otherwise.
 *
 * @param nodeId            the node being processed
 * @param existingNodeAclId the ACL id currently set on the node, may be {@code null}
 * @param inheritedAclId    the ACL id the node would inherit from its parent, may be {@code null}
 * @param isRoot            {@code true} for the node the walk started from; recursive calls pass {@code false}
 * @return counters incremented once under {@code ACLType.DEFINING} for every defining ACL
 *         created in this subtree
 */
private CounterSet fixOldDmAcls(Long nodeId, Long existingNodeAclId, Long inheritedAclId, boolean isRoot) {
    CounterSet counters = new CounterSet();
    Long definingAclId = null;

    // An ACL id equal to the inherited id means the node already sits on the shared ACL that
    // was bulk set by the caller, so the ACL need not be loaded and only the children matter.
    boolean alreadyOnInheritedAcl = (existingNodeAclId != null) && existingNodeAclId.equals(inheritedAclId);
    if (!alreadyOnInheritedAcl) {
        AccessControlList currentAcl =
                (existingNodeAclId == null) ? null : aclDaoComponent.getAccessControlList(existingNodeAclId);
        if (currentAcl == null) {
            if (isRoot) {
                // Roots with no settings get a default defining ACL.
                counters.increment(ACLType.DEFINING);
                AccessControlListProperties defaults = aclDaoComponent.getDefaultProperties();
                Acl created = aclDaoComponent.createAccessControlList(defaults);
                definingAclId = created.getId();
                nodeDAO.setNodeAclId(nodeId, definingAclId);
            } else {
                // Nothing set on a non-root node: it simply takes the inherited ACL.
                nodeDAO.setNodeAclId(nodeId, inheritedAclId);
            }
        } else if (currentAcl.getProperties().getAclType() == ACLType.OLD) {
            counters.increment(ACLType.DEFINING);
            SimpleAccessControlListProperties replacementProps =
                    new SimpleAccessControlListProperties(aclDaoComponent.getDefaultProperties());
            replacementProps.setInherits(currentAcl.getProperties().getInherits());
            // The parent ACL is linked in only when the old ACL was marked as inheriting.
            Long parentAclId = currentAcl.getProperties().getInherits() ? inheritedAclId : null;
            Acl replacement =
                    aclDaoComponent.createAccessControlList(replacementProps, currentAcl.getEntries(), parentAclId);
            definingAclId = replacement.getId();
            nodeDAO.setNodeAclId(nodeId, definingAclId);
        } else if (currentAcl.getProperties().getAclType() != ACLType.SHARED) {
            // Neither OLD nor SHARED: return without touching this node or visiting its children.
            return counters;
        }
        // SHARED: nothing to change on the node itself, fall through to the children.
        // TODO: Check shared ACL set is correct
    }

    List<NodeIdAndAclId> children = nodeDAO.getPrimaryChildrenAcls(nodeId);
    Long aclForChildren = null;
    if (!children.isEmpty()) {
        // The inherited ACL is resolved only when there are children to apply it to.
        if (definingAclId == null) {
            aclForChildren = inheritedAclId;
        } else {
            aclForChildren = aclDaoComponent.getInheritedAccessControlList(definingAclId);
        }
        nodeDAO.setPrimaryChildrenSharedAclId(nodeId, null, aclForChildren);
    }
    for (NodeIdAndAclId child : children) {
        counters.add(fixOldDmAcls(child.getId(), child.getAclId(), aclForChildren, false));
    }
    return counters;
}
Also used : AccessControlList(org.alfresco.repo.security.permissions.AccessControlList) AccessControlListProperties(org.alfresco.repo.security.permissions.AccessControlListProperties) SimpleAccessControlListProperties(org.alfresco.repo.security.permissions.SimpleAccessControlListProperties) SimpleAccessControlListProperties(org.alfresco.repo.security.permissions.SimpleAccessControlListProperties) NodeIdAndAclId(org.alfresco.repo.domain.node.NodeIdAndAclId)

Example 9 with AccessControlList

use of org.alfresco.repo.security.permissions.AccessControlList in project records-management by Alfresco.

the class ExtendedPermissionServiceImpl method getReaders.

/**
 * Returns the authorities that pass the unconditional read test for the given ACL, where
 * either {@code PermissionService.READ} or {@code RMPermissionModel.READ_RECORDS} is enough.
 * <p>
 * Results are cached in {@code readersCache} under the ACL's properties object.
 *
 * @param aclId the id of the ACL to evaluate
 * @return an unmodifiable set of authority names; empty when no ACL exists for {@code aclId}
 * @see org.alfresco.repo.security.permissions.impl.PermissionServiceImpl#getReaders(java.lang.Long)
 */
@Override
public Set<String> getReaders(Long aclId) {
    AccessControlList acl = aclDaoComponent.getAccessControlList(aclId);
    if (acl == null) {
        return Collections.emptySet();
    }

    Set<String> cachedReaders = readersCache.get((Serializable) acl.getProperties());
    if (cachedReaders != null) {
        return cachedReaders;
    }

    // Only authorities named in an entry of this ACL are candidates.
    HashSet<String> candidates = new HashSet<String>();
    for (AccessControlEntry entry : acl.getEntries()) {
        candidates.add(entry.getAuthority());
    }

    HashSet<String> allowed = new HashSet<String>();
    for (String candidate : candidates) {
        UnconditionalAclTest readTest = new UnconditionalAclTest(getPermissionReference(PermissionService.READ));
        UnconditionalAclTest rmReadTest = new UnconditionalAclTest(getPermissionReference(RMPermissionModel.READ_RECORDS));
        boolean canRead = readTest.evaluate(candidate, aclId) || rmReadTest.evaluate(candidate, aclId);
        if (canRead) {
            allowed.add(candidate);
        }
    }

    // The cached set is shared between callers, so it is wrapped read-only before being stored.
    Set<String> result = Collections.unmodifiableSet(allowed);
    readersCache.put((Serializable) acl.getProperties(), result);
    return result;
}
Also used : AccessControlList(org.alfresco.repo.security.permissions.AccessControlList) AccessControlEntry(org.alfresco.repo.security.permissions.AccessControlEntry) HashSet(java.util.HashSet)

Example 10 with AccessControlList

use of org.alfresco.repo.security.permissions.AccessControlList in project records-management by Alfresco.

the class ExtendedPermissionServiceImpl method getReadersDenied.

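/**
 * Returns the authorities that are unconditionally denied read access by the given ACL, where a
 * denial of either {@code PermissionService.READ} or {@code RMPermissionModel.READ_RECORDS}
 * counts.
 * <p>
 * Results are cached in {@code readersDeniedCache} under the ACL's properties object, the same
 * keying that {@code getReaders} uses for {@code readersCache}.
 *
 * @param aclId the id of the ACL to evaluate
 * @return an unmodifiable set of denied authority names; empty when no ACL exists for {@code aclId}
 */
@Override
public Set<String> getReadersDenied(Long aclId) {
    AccessControlList acl = aclDaoComponent.getAccessControlList(aclId);
    if (acl == null) {
        return Collections.emptySet();
    }

    // Look the result up under the key it is stored with below. The lookup used aclId while the
    // store used the properties object, so a value stored here was never found again.
    // NOTE(review): confirm any code that evicts from readersDeniedCache uses the same key.
    Set<String> cachedDenied = readersDeniedCache.get((Serializable) acl.getProperties());
    if (cachedDenied != null) {
        return cachedDenied;
    }

    // Only authorities named in an entry of this ACL are candidates.
    Set<String> assigned = new HashSet<String>();
    for (AccessControlEntry ace : acl.getEntries()) {
        assigned.add(ace.getAuthority());
    }

    Set<String> deniedAuthorities = new HashSet<String>();
    for (String authority : assigned) {
        UnconditionalDeniedAclTest test = new UnconditionalDeniedAclTest(getPermissionReference(PermissionService.READ));
        UnconditionalDeniedAclTest rmTest = new UnconditionalDeniedAclTest(getPermissionReference(RMPermissionModel.READ_RECORDS));
        if (test.evaluate(authority, aclId) || rmTest.evaluate(authority, aclId)) {
            deniedAuthorities.add(authority);
        }
    }

    // The cached set is shared by every caller that hits the cache. Wrapping it read-only, as
    // getReaders does, stops one caller from removing a denied authority for all the others.
    Set<String> denied = Collections.unmodifiableSet(deniedAuthorities);
    readersDeniedCache.put((Serializable) acl.getProperties(), denied);
    return denied;
}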
Also used : AccessControlList(org.alfresco.repo.security.permissions.AccessControlList) AccessControlEntry(org.alfresco.repo.security.permissions.AccessControlEntry) HashSet(java.util.HashSet)

Aggregations

AccessControlList (org.alfresco.repo.security.permissions.AccessControlList)12 AccessControlEntry (org.alfresco.repo.security.permissions.AccessControlEntry)10 HashSet (java.util.HashSet)5 SimpleAccessControlEntry (org.alfresco.repo.security.permissions.SimpleAccessControlEntry)5 SimpleAccessControlListProperties (org.alfresco.repo.security.permissions.SimpleAccessControlListProperties)4 ArrayList (java.util.ArrayList)3 AccessControlListProperties (org.alfresco.repo.security.permissions.AccessControlListProperties)3 LinkedHashSet (java.util.LinkedHashSet)2 NodeIdAndAclId (org.alfresco.repo.domain.node.NodeIdAndAclId)2 SimpleAccessControlList (org.alfresco.repo.security.permissions.SimpleAccessControlList)2 SimpleNodePermissionEntry (org.alfresco.repo.security.permissions.impl.SimpleNodePermissionEntry)2 SimplePermissionEntry (org.alfresco.repo.security.permissions.impl.SimplePermissionEntry)2 Extend (org.alfresco.traitextender.Extend)2 Map (java.util.Map)1 Acl (org.alfresco.repo.domain.permissions.Acl)1 AuthenticationUtil (org.alfresco.repo.security.authentication.AuthenticationUtil)1 AclChange (org.alfresco.repo.security.permissions.impl.AclChange)1 SimplePermissionReference (org.alfresco.repo.security.permissions.impl.SimplePermissionReference)1 QName (org.alfresco.service.namespace.QName)1