
Example 6 with AccessControlListProperties

use of org.alfresco.repo.security.permissions.AccessControlListProperties in project alfresco-repository by Alfresco.

the class AclDaoComponentTest method testSimpleCow.

public void testSimpleCow() throws Exception {
    // Copy-on-write check: once a versioned DEFINING ACL has been committed, adding an ACE must
    // produce a new ACL version and leave the committed version untouched.
    SimpleAccessControlListProperties initialProps = new SimpleAccessControlListProperties();
    initialProps.setAclType(ACLType.DEFINING);
    initialProps.setVersioned(true);
    Long id = aclDaoComponent.createAccessControlList(initialProps).getId();

    // Read back within the creating transaction
    AccessControlListProperties created = aclDaoComponent.getAccessControlListProperties(id);
    assertEquals(created.getAclType(), ACLType.DEFINING);
    assertEquals(created.getAclVersion(), Long.valueOf(1L));
    assertEquals(created.getInherits(), Boolean.TRUE);

    // Commit, then continue in a fresh transaction
    testTX.commit();
    testTX = transactionService.getUserTransaction();
    testTX.begin();

    // The committed ACL reads back unchanged
    AccessControlListProperties committed = aclDaoComponent.getAccessControlListProperties(id);
    assertEquals(committed.getAclType(), ACLType.DEFINING);
    assertEquals(committed.getAclVersion(), Long.valueOf(1L));
    assertEquals(committed.getInherits(), Boolean.TRUE);

    // Grant "Read" to authority "andy"
    SimpleAccessControlEntry readForAndy = new SimpleAccessControlEntry();
    readForAndy.setAccessStatus(AccessStatus.ALLOWED);
    readForAndy.setAceType(ACEType.ALL);
    readForAndy.setAuthority("andy");
    readForAndy.setPermission(new SimplePermissionReference(QName.createQName("uri", "local"), "Read"));
    readForAndy.setPosition(null);

    // Exactly one change is reported: from the original ACL id to a different one
    List<AclChange> changes = aclDaoComponent.setAccessControlEntry(id, readForAndy);
    assertEquals(changes.size(), 1);
    AclChange change = changes.get(0);
    Long beforeId = change.getBefore();
    Long afterId = change.getAfter();
    assertEquals(beforeId, id);
    assertFalse(beforeId.equals(afterId));

    // The superseded version keeps its properties but is no longer the latest
    AccessControlListProperties superseded = aclDaoComponent.getAccessControlListProperties(beforeId);
    assertEquals(superseded.getAclType(), ACLType.DEFINING);
    assertEquals(superseded.getAclVersion(), Long.valueOf(1L));
    assertEquals(superseded.getInherits(), Boolean.TRUE);
    assertEquals(superseded.isLatest(), Boolean.FALSE);
    assertEquals(superseded.isVersioned(), Boolean.TRUE);

    // The replacement shares type, inheritance, ACL id and versioning; only the version moves on
    AccessControlListProperties replacement = aclDaoComponent.getAccessControlListProperties(afterId);
    assertEquals(replacement.getAclType(), superseded.getAclType());
    assertEquals(replacement.getAclVersion(), Long.valueOf(superseded.getAclVersion() + 1));
    assertEquals(replacement.getInherits(), superseded.getInherits());
    assertEquals(replacement.getAclId(), superseded.getAclId());
    assertEquals(replacement.isVersioned(), superseded.isVersioned());
    assertEquals(replacement.isLatest(), Boolean.TRUE);

    // The new grant is visible only on the replacement; the superseded version stays empty
    assertEquals(aclDaoComponent.getAccessControlList(beforeId).getEntries().size(), 0);
    assertEquals(aclDaoComponent.getAccessControlList(afterId).getEntries().size(), 1);
    assertTrue(hasAce(aclDaoComponent.getAccessControlList(afterId).getEntries(), readForAndy, 0));
}
Also used : AccessControlListProperties(org.alfresco.repo.security.permissions.AccessControlListProperties) SimpleAccessControlListProperties(org.alfresco.repo.security.permissions.SimpleAccessControlListProperties) SimpleAccessControlListProperties(org.alfresco.repo.security.permissions.SimpleAccessControlListProperties) SimpleAccessControlEntry(org.alfresco.repo.security.permissions.SimpleAccessControlEntry)

Example 7 with AccessControlListProperties

use of org.alfresco.repo.security.permissions.AccessControlListProperties in project alfresco-repository by Alfresco.

the class AclDAOImpl method getAccessControlList.

/**
 * {@inheritDoc}
 */
@Override
public AccessControlList getAccessControlList(Long id) {
    // Returns the ACL for the given ID, from aclCache when present, otherwise built from the
    // ACE/authority rows and then cached. Returns null when no properties exist for the ID.
    // The properties object doubles as the cache key.
    final AccessControlListProperties aclProperties = getAccessControlListProperties(id);
    if (aclProperties == null) {
        return null;
    }
    final Serializable cacheKey = (Serializable) aclProperties;
    final AccessControlList cachedAcl = aclCache.get(cacheKey);
    if (cachedAcl != null) {
        return cachedAcl;
    }

    // Cache miss: assemble the ACL from the persisted rows
    final SimpleAccessControlList loadedAcl = new SimpleAccessControlList();
    loadedAcl.setProperties(aclProperties);
    final List<Map<String, Object>> rows = aclCrudDAO.getAcesAndAuthoritiesByAcl(id);
    final List<AccessControlEntry> aces = new ArrayList<AccessControlEntry>(rows.size());
    for (Map<String, Object> row : rows) {
        // The "aclmemId" column is also available in each row but is not needed here
        Boolean allowed = (Boolean) row.get("allowed");
        Integer aceTypeId = (Integer) row.get("applies");
        String authority = (String) row.get("authority");
        Long permissionId = (Long) row.get("permissionId");
        Integer position = (Integer) row.get("pos");

        // A null "allowed" value fails on unboxing here; it is never mapped to ALLOWED or DENIED
        AccessStatus status;
        if (allowed) {
            status = AccessStatus.ALLOWED;
        } else {
            status = AccessStatus.DENIED;
        }

        SimpleAccessControlEntry ace = new SimpleAccessControlEntry();
        ace.setAccessStatus(status);
        ace.setAceType(ACEType.getACETypeFromId(aceTypeId));
        ace.setAuthority(authority);
        // No ACE context is set; the code that used to copy it from the entity is disabled

        // The row carries a permission ID, so the permission is expected to exist
        Permission permission = aclCrudDAO.getPermission(permissionId);
        QName permissionTypeQName = qnameDAO.getQName(permission.getTypeQNameId()).getSecond();
        ace.setPermission(SimplePermissionReference.getPermissionReference(permissionTypeQName, permission.getName()));
        ace.setPosition(position);
        aces.add(ace);
    }
    Collections.sort(aces);
    loadedAcl.setEntries(aces);

    // Remember the result for later lookups.
    // NOTE(review): the object handed to aclCache is the same instance returned to the caller;
    // confirm callers treat it as read-only, or that the cache stores a copy.
    aclCache.put(cacheKey, loadedAcl);
    return loadedAcl;
}
Also used : AccessControlList(org.alfresco.repo.security.permissions.AccessControlList) SimpleAccessControlList(org.alfresco.repo.security.permissions.SimpleAccessControlList) SimpleAccessControlList(org.alfresco.repo.security.permissions.SimpleAccessControlList) QName(org.alfresco.service.namespace.QName) ArrayList(java.util.ArrayList) AccessControlListProperties(org.alfresco.repo.security.permissions.AccessControlListProperties) SimpleAccessControlListProperties(org.alfresco.repo.security.permissions.SimpleAccessControlListProperties) SimpleAccessControlEntry(org.alfresco.repo.security.permissions.SimpleAccessControlEntry) AccessControlEntry(org.alfresco.repo.security.permissions.AccessControlEntry) SimpleAccessControlEntry(org.alfresco.repo.security.permissions.SimpleAccessControlEntry) SimplePermissionReference(org.alfresco.repo.security.permissions.impl.SimplePermissionReference) Map(java.util.Map)

Example 8 with AccessControlListProperties

use of org.alfresco.repo.security.permissions.AccessControlListProperties in project alfresco-repository by Alfresco.

the class ADMAccessControlListDAO method fixOldDmAcls.

private CounterSet fixOldDmAcls(Long nodeId, Long existingNodeAclId, Long inheritedAclId, boolean isRoot) {
    // Replaces an ACLType.OLD ACL on this node with a new DEFINING ACL (or assigns a default /
    // inherited ACL when the node has none), points the primary children at the ACL they should
    // inherit, and then recurses into each primary child. Returns the accumulated counters.
    CounterSet counters = new CounterSet();
    Long definingAclId = null;

    // A node that already references the ACL it would inherit was covered by an earlier bulk
    // set of the shared ACL: the ACL is not loaded and only the children are visited.
    boolean alreadyOnInheritedAcl = (existingNodeAclId != null) && existingNodeAclId.equals(inheritedAclId);
    if (!alreadyOnInheritedAcl) {
        AccessControlList currentAcl = (existingNodeAclId == null)
                ? null
                : aclDaoComponent.getAccessControlList(existingNodeAclId);
        if (currentAcl == null) {
            if (isRoot) {
                // Roots without any ACL receive a new ACL built from the default properties
                counters.increment(ACLType.DEFINING);
                AccessControlListProperties defaults = aclDaoComponent.getDefaultProperties();
                definingAclId = aclDaoComponent.createAccessControlList(defaults).getId();
                nodeDAO.setNodeAclId(nodeId, definingAclId);
            } else {
                // Nothing set on the node: it simply takes the inherited ACL
                nodeDAO.setNodeAclId(nodeId, inheritedAclId);
            }
        } else if (currentAcl.getProperties().getAclType() == ACLType.OLD) {
            counters.increment(ACLType.DEFINING);
            SimpleAccessControlListProperties replacementProps =
                    new SimpleAccessControlListProperties(aclDaoComponent.getDefaultProperties());
            replacementProps.setInherits(currentAcl.getProperties().getInherits());
            // The new ACL inherits from inheritedAclId only when the old ACL was set to inherit;
            // the existing entries are carried over as they are
            Long inheritFrom = currentAcl.getProperties().getInherits() ? inheritedAclId : null;
            definingAclId = aclDaoComponent
                    .createAccessControlList(replacementProps, currentAcl.getEntries(), inheritFrom)
                    .getId();
            nodeDAO.setNodeAclId(nodeId, definingAclId);
        } else if (currentAcl.getProperties().getAclType() != ACLType.SHARED) {
            // Any type other than OLD or SHARED stops the walk at this node.
            // NOTE(review): the original comment here reads "Check inheritance is correct", but no
            // check is made and the children below this node are not visited.
            return counters;
        }
        // SHARED: nothing to change on the node itself (most likely bulk set by the parent).
        // TODO: Check shared ACL set is correct
    }

    List<NodeIdAndAclId> childNodes = nodeDAO.getPrimaryChildrenAcls(nodeId);
    Long aclForChildren = null;
    if (childNodes.size() > 0) {
        // Children inherit from the new defining ACL when one was created, otherwise from the
        // ACL this node itself inherits
        if (definingAclId == null) {
            aclForChildren = inheritedAclId;
        } else {
            aclForChildren = aclDaoComponent.getInheritedAccessControlList(definingAclId);
        }
        nodeDAO.setPrimaryChildrenSharedAclId(nodeId, null, aclForChildren);
    }

    // One recursive call per primary child, never as a root
    for (NodeIdAndAclId childNode : childNodes) {
        counters.add(fixOldDmAcls(childNode.getId(), childNode.getAclId(), aclForChildren, false));
    }
    return counters;
}
Also used : AccessControlList(org.alfresco.repo.security.permissions.AccessControlList) AccessControlListProperties(org.alfresco.repo.security.permissions.AccessControlListProperties) SimpleAccessControlListProperties(org.alfresco.repo.security.permissions.SimpleAccessControlListProperties) SimpleAccessControlListProperties(org.alfresco.repo.security.permissions.SimpleAccessControlListProperties) NodeIdAndAclId(org.alfresco.repo.domain.node.NodeIdAndAclId)

Example 9 with AccessControlListProperties

use of org.alfresco.repo.security.permissions.AccessControlListProperties in project alfresco-repository by Alfresco.

the class AbstractNodeDAOImpl method newNode.

@Override
public ChildAssocEntity newNode(Long parentNodeId, QName assocTypeQName, QName assocQName, StoreRef storeRef, String uuid, QName nodeTypeQName, Locale nodeLocale, String childNodeName, Map<QName, Serializable> auditableProperties) throws InvalidTypeException {
    // Creates a non-root node under the given parent, gives it the ACL inherited from the
    // parent (when the parent has one), links it with a primary child association and
    // returns that association.
    Assert.notNull(parentNodeId, "parentNodeId");
    Assert.notNull(assocTypeQName, "assocTypeQName");
    Assert.notNull(assocQName, "assocQName");
    Assert.notNull(storeRef, "storeRef");
    if (auditableProperties == null) {
        auditableProperties = Collections.emptyMap();
    }

    Node parent = getNodeNotNull(parentNodeId, true);

    // Work out the ACL the new node starts with; it stays null when the parent has no ACL
    // or no properties are found for the inherited ACL
    Long parentAclId = parent.getAclId();
    AccessControlListProperties inheritedAclProps = null;
    Long childAclId = null;
    if (parentAclId != null) {
        try {
            Long inheritedAclId = aclDAO.getInheritedAccessControlList(parentAclId);
            inheritedAclProps = aclDAO.getAccessControlListProperties(inheritedAclId);
            if (inheritedAclProps != null) {
                childAclId = inheritedAclProps.getId();
            }
        } catch (RuntimeException e) {
            // The "get" calls above can write, so the cached parent node may be wrong:
            // drop it from the caches before failing
            invalidateNodeCaches(parentNodeId);
            // Rethrown so that the operation can be retried (ALF-17286)
            throw new RuntimeException(
                    "Failure while 'getting' inherited ACL or ACL properties: \n"
                            + "   parent ACL ID:  " + parentAclId + "\n"
                            + "   inheritied ACL: " + inheritedAclProps,
                    e);
        }
    }

    // cm:auditable values: keep the entity only if the caller actually supplied some
    AuditablePropertiesEntity auditEntity = new AuditablePropertiesEntity();
    boolean auditValuesSupplied = auditEntity.setAuditValues(null, null, auditableProperties);
    if (!auditValuesSupplied) {
        auditEntity = null;
    }

    StoreEntity store = getStoreNotNull(storeRef);

    // Create the node itself
    Long nodeTypeQNameId = qnameDAO.getOrCreateQName(nodeTypeQName).getFirst();
    Long nodeLocaleId = localeDAO.getOrCreateLocalePair(nodeLocale).getFirst();
    NodeEntity node = newNodeImpl(store, uuid, nodeTypeQNameId, nodeLocaleId, childAclId, auditEntity, true);
    Long nodeId = node.getId();

    // Explicitly supplied cm:auditable values are protected by disabling the auditable
    // behaviour for this node.
    // NOTE(review): the supplied audit values are kept as given; confirm that only trusted
    // callers can pass auditableProperties.
    if (auditValuesSupplied) {
        policyBehaviourFilter.disableBehaviour(node.getNodeRef(), ContentModel.ASPECT_AUDITABLE);
    }

    // Primary association; the node's UUID stands in for a missing child name
    if (childNodeName == null) {
        childNodeName = node.getUuid();
    }
    ChildAssocEntity assoc = newChildAssocImpl(parentNodeId, nodeId, true, assocTypeQName, assocQName, childNodeName, false);

    // This is the only parent association, and the node is never a root here
    boolean isStoreRoot = nodeTypeQName.equals(ContentModel.TYPE_STOREROOT);
    setParentAssocsCached(nodeId, new ParentAssocsInfo(false, isStoreRoot, assoc));

    if (isDebugEnabled) {
        logger.debug("Created new node: \n" + "   Node: " + node + "\n" + "   Assoc: " + assoc);
    }
    return assoc;
}
Also used : NodeRef(org.alfresco.service.cmr.repository.NodeRef) AlfrescoRuntimeException(org.alfresco.error.AlfrescoRuntimeException) AccessControlListProperties(org.alfresco.repo.security.permissions.AccessControlListProperties)

Example 10 with AccessControlListProperties

use of org.alfresco.repo.security.permissions.AccessControlListProperties in project alfresco-repository by Alfresco.

the class AclDaoComponentTest method testSimpleInheritFromDefining.

public void testSimpleInheritFromDefining() {
    // Entries set on a DEFINING ACL must also appear on the SHARED ACL derived from it.
    SimpleAccessControlListProperties initialProps = new SimpleAccessControlListProperties();
    initialProps.setAclType(ACLType.DEFINING);
    initialProps.setVersioned(true);
    AccessControlListProperties definingProps = aclDaoComponent.createAccessControlList(initialProps);
    long id = definingProps.getId();
    assertEquals(definingProps.getAclType(), ACLType.DEFINING);
    assertEquals(definingProps.getAclVersion(), Long.valueOf(1L));
    assertEquals(definingProps.getInherits(), Boolean.TRUE);
    assertEquals(aclDaoComponent.getAccessControlListProperties(id), definingProps);

    // First grant: "Read" for authority "andy"
    SimpleAccessControlEntry readForAndy = new SimpleAccessControlEntry();
    readForAndy.setAccessStatus(AccessStatus.ALLOWED);
    readForAndy.setAceType(ACEType.ALL);
    readForAndy.setAuthority("andy");
    readForAndy.setPermission(new SimplePermissionReference(QName.createQName("uri", "local"), "Read"));
    readForAndy.setPosition(null);
    aclDaoComponent.setAccessControlEntry(id, readForAndy);

    // The defining ACL holds the grant and is still at version 1
    AccessControlList definingAcl = aclDaoComponent.getAccessControlList(id);
    assertEquals(definingAcl.getProperties().getAclType(), ACLType.DEFINING);
    assertEquals(definingAcl.getProperties().getAclVersion(), Long.valueOf(1L));
    assertEquals(definingAcl.getProperties().getInherits(), Boolean.TRUE);
    assertEquals(definingAcl.getEntries().size(), 1);
    assertTrue(hasAce(definingAcl.getEntries(), readForAndy, 0));

    // The inherited ACL is SHARED, and asking for it again yields the same id
    Long sharedId = aclDaoComponent.getInheritedAccessControlList(id);
    AccessControlListProperties sharedProps = aclDaoComponent.getAccessControlListProperties(sharedId);
    assertEquals(sharedProps.getAclType(), ACLType.SHARED);
    assertEquals(sharedProps.getAclVersion(), Long.valueOf(1L));
    assertEquals(sharedProps.getInherits(), Boolean.TRUE);
    assertEquals(aclDaoComponent.getInheritedAccessControlList(id), sharedId);

    // The shared ACL carries the same grant; hasAce is given 1 here instead of 0
    // (presumably the expected position of an inherited entry; see hasAce)
    AccessControlList sharedAcl = aclDaoComponent.getAccessControlList(sharedId);
    assertEquals(sharedAcl.getProperties().getAclType(), ACLType.SHARED);
    assertEquals(sharedAcl.getProperties().getAclVersion(), Long.valueOf(1L));
    assertEquals(sharedAcl.getProperties().getInherits(), Boolean.TRUE);
    assertEquals(sharedAcl.getEntries().size(), 1);
    assertTrue(hasAce(sharedAcl.getEntries(), readForAndy, 1));

    // Second grant: "Write" for authority "paul"
    SimpleAccessControlEntry writeForPaul = new SimpleAccessControlEntry();
    writeForPaul.setAccessStatus(AccessStatus.ALLOWED);
    writeForPaul.setAceType(ACEType.ALL);
    writeForPaul.setAuthority("paul");
    writeForPaul.setPermission(new SimplePermissionReference(QName.createQName("uri", "local"), "Write"));
    writeForPaul.setPosition(null);
    aclDaoComponent.setAccessControlEntry(id, writeForPaul);

    // Both grants are now on the defining ACL
    definingAcl = aclDaoComponent.getAccessControlList(id);
    assertEquals(definingAcl.getProperties().getAclType(), ACLType.DEFINING);
    assertEquals(definingAcl.getProperties().getAclVersion(), Long.valueOf(1L));
    assertEquals(definingAcl.getProperties().getInherits(), Boolean.TRUE);
    assertEquals(definingAcl.getEntries().size(), 2);
    assertTrue(hasAce(definingAcl.getEntries(), readForAndy, 0));
    assertTrue(hasAce(definingAcl.getEntries(), writeForPaul, 0));

    // ... and both are on the shared ACL as well
    sharedId = aclDaoComponent.getInheritedAccessControlList(id);
    sharedAcl = aclDaoComponent.getAccessControlList(sharedId);
    assertEquals(sharedAcl.getProperties().getAclType(), ACLType.SHARED);
    assertEquals(sharedAcl.getProperties().getAclVersion(), Long.valueOf(1L));
    assertEquals(sharedAcl.getProperties().getInherits(), Boolean.TRUE);
    assertEquals(sharedAcl.getEntries().size(), 2);
    assertTrue(hasAce(sharedAcl.getEntries(), readForAndy, 1));
    assertTrue(hasAce(sharedAcl.getEntries(), writeForPaul, 1));
}
Also used : AccessControlList(org.alfresco.repo.security.permissions.AccessControlList) AccessControlListProperties(org.alfresco.repo.security.permissions.AccessControlListProperties) SimpleAccessControlListProperties(org.alfresco.repo.security.permissions.SimpleAccessControlListProperties) SimpleAccessControlListProperties(org.alfresco.repo.security.permissions.SimpleAccessControlListProperties) SimpleAccessControlEntry(org.alfresco.repo.security.permissions.SimpleAccessControlEntry)

Aggregations

AccessControlListProperties (org.alfresco.repo.security.permissions.AccessControlListProperties)14 SimpleAccessControlListProperties (org.alfresco.repo.security.permissions.SimpleAccessControlListProperties)11 SimpleAccessControlEntry (org.alfresco.repo.security.permissions.SimpleAccessControlEntry)4 AccessControlList (org.alfresco.repo.security.permissions.AccessControlList)3 NodeRef (org.alfresco.service.cmr.repository.NodeRef)3 ArrayList (java.util.ArrayList)2 QName (org.alfresco.service.namespace.QName)2 Serializable (java.io.Serializable)1 HashSet (java.util.HashSet)1 LinkedHashSet (java.util.LinkedHashSet)1 Map (java.util.Map)1 Set (java.util.Set)1 Authentication (net.sf.acegisecurity.Authentication)1 AlfrescoRuntimeException (org.alfresco.error.AlfrescoRuntimeException)1 NodeIdAndAclId (org.alfresco.repo.domain.node.NodeIdAndAclId)1 AccessControlEntry (org.alfresco.repo.security.permissions.AccessControlEntry)1 PermissionReference (org.alfresco.repo.security.permissions.PermissionReference)1 SimpleAccessControlList (org.alfresco.repo.security.permissions.SimpleAccessControlList)1 SimplePermissionReference (org.alfresco.repo.security.permissions.impl.SimplePermissionReference)1 Acl (org.alfresco.repo.solr.Acl)1