
Example 11 with SimpleAccessControlEntry

use of org.alfresco.repo.security.permissions.SimpleAccessControlEntry in project alfresco-repository by Alfresco.

the class AbstractPermissionsDaoComponentImpl method deletePermission.

/**
 * Removes the access control entries on a node's ACL that match the supplied authority and permission.
 * The ACL itself is kept; only the matching entries are deleted.
 *
 * <p>The call returns silently when no ACL DAO is available for the node, when the node has no ACL, or when
 * the node reference is invalid. A normal return therefore does not prove that any entry was removed;
 * callers that need that guarantee must check the resulting permissions themselves.
 *
 * @param nodeRef    the node whose ACL is edited
 * @param authority  the authority placed in the delete pattern
 * @param permission the permission placed in the delete pattern
 * @throws IllegalStateException if the node's ACL is of type FIXED, GLOBAL or SHARED, which are not
 *                               edited in a node context
 */
public void deletePermission(NodeRef nodeRef, String authority, PermissionReference permission) {
    Acl existing;
    try {
        AccessControlListDAO dao = getACLDAO(nodeRef);
        existing = (dao == null) ? null : dao.getAccessControlList(nodeRef);
    } catch (InvalidNodeRefException e) {
        // An invalid node has no ACL to edit; treated as "nothing to delete".
        return;
    }
    if (existing == null) {
        return;
    }

    // Refuse the ACL types that must not be changed through a single node.
    switch (existing.getAclType()) {
        case FIXED:
        case GLOBAL:
        case SHARED:
            throw new IllegalStateException("Can not delete from this acl in a node context " + existing.getAclType());
        default:
            break;
    }

    // Resolve the ACL that may be edited for this node; the report exposes it through getCreated().
    CreationReport writable = getMutableAccessControlList(nodeRef);

    // Position 0 restricts the match to entries at that position (presumably the ones set directly on
    // this ACL rather than inherited - confirm).
    // NOTE(review): a null authority or permission presumably acts as a wildcard in the pattern match,
    // which would widen the delete to every authority or permission - confirm against
    // deleteAccessControlEntries before passing unvalidated values.
    SimpleAccessControlEntry match = new SimpleAccessControlEntry();
    match.setPosition(Integer.valueOf(0));
    match.setAuthority(authority);
    match.setPermission(permission);

    List<AclChange> aclChanges = aclDaoComponent.deleteAccessControlEntries(writable.getCreated().getId(), match);
    // Let the node-side DAO react to every ACL the delete touched.
    getACLDAO(nodeRef).updateChangedAcls(nodeRef, aclChanges);
}
Also used : InvalidNodeRefException(org.alfresco.service.cmr.repository.InvalidNodeRefException) AclChange(org.alfresco.repo.security.permissions.impl.AclChange) SimpleAccessControlEntry(org.alfresco.repo.security.permissions.SimpleAccessControlEntry)

Example 12 with SimpleAccessControlEntry

use of org.alfresco.repo.security.permissions.SimpleAccessControlEntry in project alfresco-repository by Alfresco.

the class AclDAOImpl method deleteLocalAccessControlEntries.

/**
 * {@inheritDoc}
 *
 * <p>Implementation note: builds an exclusion pattern that constrains only the position (0) and hands it to
 * {@code getWritable} with {@code WriteMode.COPY_UPDATE_AND_INHERIT}. The changes recorded by that call are
 * returned to the caller.
 */
@Override
public List<AclChange> deleteLocalAccessControlEntries(Long id) {
    // Only the position is set: authority, permission, type and access status stay unconstrained,
    // so the pattern is not limited to a single authority or permission.
    SimpleAccessControlEntry positionZero = new SimpleAccessControlEntry();
    positionZero.setPosition(Integer.valueOf(0));

    List<AclChange> recorded = new ArrayList<AclChange>();
    // Per the original author's note, this call also removes the ACL from the cache.
    getWritable(id, null, Collections.singletonList(positionZero), null, null, true, recorded, WriteMode.COPY_UPDATE_AND_INHERIT);
    return recorded;
}
Also used : ArrayList(java.util.ArrayList) AclChange(org.alfresco.repo.security.permissions.impl.AclChange) SimpleAccessControlEntry(org.alfresco.repo.security.permissions.SimpleAccessControlEntry)

Example 13 with SimpleAccessControlEntry

use of org.alfresco.repo.security.permissions.SimpleAccessControlEntry in project alfresco-repository by Alfresco.

the class AclDAOImpl method setAccessControlEntry.

/**
 * {@inheritDoc}
 *
 * <p>Implementation notes:
 * <ul>
 *   <li>SHARED ACLs are rejected with {@link IllegalArgumentException}.</li>
 *   <li>Only an unset position or position 0 is accepted.</li>
 *   <li>Entries carrying a context are rejected with {@link UnsupportedOperationException}.</li>
 *   <li>Existing entries with the same type, authority and permission at position 0 are excluded while the
 *       new entry is added, whatever their access status, so an ALLOWED entry replaces a DENIED one and
 *       vice versa.</li>
 * </ul>
 */
@Override
public List<AclChange> setAccessControlEntry(final Long id, final AccessControlEntry ace) {
    // Shared ACLs are never edited in place.
    if (aclCrudDAO.getAcl(id).getAclType() == ACLType.SHARED) {
        throw new IllegalArgumentException("Shared ACLs are immutable");
    }
    final Integer requestedPosition = ace.getPosition();
    if (requestedPosition != null && requestedPosition != 0) {
        throw new IllegalArgumentException("Invalid position");
    }

    // NOTE(review): judging by their names these two lookups may create rows, and they run before the
    // context check below - confirm the enclosing transaction rolls them back when the entry is rejected.
    Authority authorityRow = aclCrudDAO.getOrCreateAuthority(ace.getAuthority());
    Permission permissionRow = aclCrudDAO.getOrCreatePermission(ace.getPermission());
    if (ace.getContext() != null) {
        // ACE contexts are not supported by this implementation.
        throw new UnsupportedOperationException();
    }
    Ace stored = aclCrudDAO.getOrCreateAce(permissionRow, authorityRow, ace.getAceType(), ace.getAccessStatus());

    // Pattern for the entries to drop while the new one is written. Access status is left unset on
    // purpose so that it matches any status.
    SimpleAccessControlEntry superseded = new SimpleAccessControlEntry();
    superseded.setPosition(0);
    superseded.setAceType(ace.getAceType());
    superseded.setAuthority(ace.getAuthority());
    superseded.setPermission(ace.getPermission());

    List<Ace> additions = new ArrayList<Ace>(1);
    additions.add(stored);

    List<AclChange> recorded = new ArrayList<AclChange>();
    // Per the original author's note, this call also removes the ACL from the cache.
    getWritable(id, null, Collections.singletonList(superseded), additions, null, true, recorded, WriteMode.COPY_UPDATE_AND_INHERIT);
    return recorded;
}
Also used : ArrayList(java.util.ArrayList) AclChange(org.alfresco.repo.security.permissions.impl.AclChange) SimpleAccessControlEntry(org.alfresco.repo.security.permissions.SimpleAccessControlEntry)

Example 14 with SimpleAccessControlEntry

use of org.alfresco.repo.security.permissions.SimpleAccessControlEntry in project alfresco-repository by Alfresco.

the class AclDAOImpl method createAccessControlList.

/**
 * {@inheritDoc}
 *
 * <p>Implementation notes: a new {@code AclEntity} is filled from {@code properties} (id, type, version 1,
 * inheritance and versioning flags), persisted through {@code aclCrudDAO.createAcl}, and then populated with
 * the given entries through {@code getWritable} in {@code WriteMode.CREATE_AND_INHERIT}. The ACL is re-read
 * with {@code getAcl} before it is returned.
 *
 * @throws IllegalArgumentException      if {@code properties} is null or an entry has a position other than 0
 * @throws UnsupportedOperationException if an entry carries a context
 */
@Override
public Acl createAccessControlList(AccessControlListProperties properties, List<AccessControlEntry> aces, Long inherited) {
    if (properties == null) {
        throw new IllegalArgumentException("Properties cannot be null");
    }
    AclEntity acl = new AclEntity();
    // Use the caller-supplied ACL id when there is one, otherwise generate a fresh GUID.
    if (properties.getAclId() != null) {
        acl.setAclId(properties.getAclId());
    } else {
        acl.setAclId(GUID.generate());
    }
    acl.setAclType(properties.getAclType());
    acl.setAclVersion(Long.valueOf(1l));
    // NOTE(review): the FIXED/GLOBAL branch has no break, so it falls through into the default branch and
    // the FALSE written here is always overwritten. A FIXED or GLOBAL ACL created without an explicit
    // inherits value therefore ends up with inherits = TRUE. If these types were meant never to inherit,
    // this is a permission-widening defect; confirm the intent before adding a break, because existing
    // callers may rely on the current result.
    switch(properties.getAclType()) {
        case FIXED:
        case GLOBAL:
            acl.setInherits(Boolean.FALSE);
        case OLD:
        case SHARED:
        case DEFINING:
        case LAYERED:
        default:
            // Explicit value wins; inheritance is on when nothing was specified.
            if (properties.getInherits() != null) {
                acl.setInherits(properties.getInherits());
            } else {
                acl.setInherits(Boolean.TRUE);
            }
            break;
    }
    acl.setLatest(Boolean.TRUE);
    // Versioning flag: OLD is never versioned, LAYERED defaults to versioned, every other type defaults
    // to unversioned. For LAYERED and the other types an explicit value in the properties wins.
    switch(properties.getAclType()) {
        case OLD:
            acl.setVersioned(Boolean.FALSE);
            break;
        case LAYERED:
            if (properties.isVersioned() != null) {
                acl.setVersioned(properties.isVersioned());
            } else {
                acl.setVersioned(Boolean.TRUE);
            }
            break;
        case FIXED:
        case GLOBAL:
        case SHARED:
        case DEFINING:
        default:
            if (properties.isVersioned() != null) {
                acl.setVersioned(properties.isVersioned());
            } else {
                acl.setVersioned(Boolean.FALSE);
            }
            break;
    }
    acl.setAclChangeSetId(getCurrentChangeSetId());
    acl.setRequiresVersion(false);
    // The ACL row is created here, before any of the entries below has been validated.
    Acl createdAcl = (AclEntity) aclCrudDAO.createAcl(acl);
    long created = createdAcl.getId();
    List<Ace> toAdd = new ArrayList<Ace>();
    List<AccessControlEntry> excluded = new ArrayList<AccessControlEntry>();
    List<AclChange> changes = new ArrayList<AclChange>();
    if ((aces != null) && aces.size() > 0) {
        for (AccessControlEntry ace : aces) {
            // Only an unset position or position 0 is accepted.
            if ((ace.getPosition() != null) && (ace.getPosition() != 0)) {
                throw new IllegalArgumentException("Invalid position");
            }
            // Look up (or create) the authority and permission rows for this entry.
            // NOTE(review): these run before the context check below, so a rejected entry may already
            // have caused writes - confirm the enclosing transaction rolls them back.
            Authority authority = aclCrudDAO.getOrCreateAuthority(ace.getAuthority());
            Permission permission = aclCrudDAO.getOrCreatePermission(ace.getPermission());
            // Entries carrying a context are not supported.
            if (ace.getContext() != null) {
                throw new UnsupportedOperationException();
            }
            // Look up (or create) the ACE row itself.
            Ace entry = aclCrudDAO.getOrCreateAce(permission, authority, ace.getAceType(), ace.getAccessStatus());
            // Build the pattern of existing entries to exclude when this one is added: same type,
            // authority and permission at position 0.
            SimpleAccessControlEntry exclude = new SimpleAccessControlEntry();
            // Access status is left unset so the pattern matches any access status.
            exclude.setAceType(ace.getAceType());
            exclude.setAuthority(ace.getAuthority());
            exclude.setPermission(ace.getPermission());
            exclude.setPosition(0);
            toAdd.add(entry);
            excluded.add(exclude);
        }
    }
    // Resolve the ACL id to inherit from, if a parent was given.
    Long toInherit = null;
    if (inherited != null) {
        toInherit = getInheritedAccessControlList(inherited);
    }
    // The recorded changes are collected but not returned by this method.
    getWritable(created, toInherit, excluded, toAdd, toInherit, false, changes, WriteMode.CREATE_AND_INHERIT);
    // Fetch an up-to-date version
    return getAcl(created);
}
Also used : ArrayList(java.util.ArrayList) SimpleAccessControlEntry(org.alfresco.repo.security.permissions.SimpleAccessControlEntry) AccessControlEntry(org.alfresco.repo.security.permissions.AccessControlEntry) AclChange(org.alfresco.repo.security.permissions.impl.AclChange) SimpleAccessControlEntry(org.alfresco.repo.security.permissions.SimpleAccessControlEntry)

Example 15 with SimpleAccessControlEntry

use of org.alfresco.repo.security.permissions.SimpleAccessControlEntry in project alfresco-repository by Alfresco.

the class AclDAOImpl method disableInheritanceImpl.

/**
 * Turns off inheritance on an ACL and, when requested, re-adds the entries of the ACL it used to inherit
 * from as entries at position 0.
 *
 * <p>The inherits-from reference is left in place on the updated ACL so inheritance can be reinstated later.
 *
 * @param id                the id of the ACL to change
 * @param setInheritedOnAcl when true, the entries of the former parent ACL are set on the ACL, so the
 *                          effective permissions are kept although inheritance is off
 * @param aclIn             the ACL entity whose inherits flag decides whether there is anything to do
 * @return the changes recorded by the two {@code getWritable} calls, or an empty list when the ACL does not
 *         inherit
 */
private List<AclChange> disableInheritanceImpl(Long id, boolean setInheritedOnAcl, AclEntity aclIn) {
    if (!aclIn.getInherits()) {
        // Nothing to disable.
        return Collections.<AclChange>emptyList();
    }

    List<AclChange> recorded = new ArrayList<AclChange>();
    // First pass: obtain a writable copy (this call manages caching). The first recorded change is
    // assumed to exist and to identify that copy.
    getWritable(id, null, null, null, null, false, recorded, WriteMode.COPY_ONLY);
    AclUpdateEntity writable = aclCrudDAO.getAclForUpdate(recorded.get(0).getAfter());
    final Long formerParent = writable.getInheritsFrom();
    writable.setInherits(Boolean.FALSE);
    writable.setAclChangeSetId(getCurrentChangeSetId());
    aclCrudDAO.updateAcl(writable);
    // inheritsFrom is deliberately not reset, so the link can be restored if inheritance is re-enabled.

    // Second pass: drop the inherited entries (this call manages caching).
    getWritable(writable.getId(), null, null, null, null, true, recorded, WriteMode.TRUNCATE_INHERITED);

    boolean hadParent = (formerParent != null) && (formerParent != -1);
    if (!hadParent || !setInheritedOnAcl) {
        return recorded;
    }

    // Copy each entry of the former parent ACL (reached through its ACL members).
    for (AclMember member : aclCrudDAO.getAclMembersByAcl(formerParent)) {
        // TODO optimise: one DAO round trip per member for the ACE, authority and permission.
        Ace source = aclCrudDAO.getAce(member.getAceId());
        Authority owner = aclCrudDAO.getAuthority(source.getAuthorityId());

        SimpleAccessControlEntry copy = new SimpleAccessControlEntry();
        if (source.isAllowed()) {
            copy.setAccessStatus(AccessStatus.ALLOWED);
        } else {
            copy.setAccessStatus(AccessStatus.DENIED);
        }
        copy.setAceType(source.getAceType());
        copy.setAuthority(owner.getAuthority());
        // The ACE context is not copied: contexts are currently unused and reserved for a possible
        // future enhancement.

        // The permission id comes from a stored ACE, so the permission must exist.
        Permission perm = aclCrudDAO.getPermission(source.getPermissionId());
        QName permTypeQName = qnameDAO.getQName(perm.getTypeQNameId()).getSecond();
        copy.setPermission(SimplePermissionReference.getPermissionReference(permTypeQName, perm.getName()));
        copy.setPosition(Integer.valueOf(0));

        // NOTE(review): the entry is written against the incoming id, not writable.getId(), and the
        // changes returned by setAccessControlEntry are discarded - confirm both are intended, since
        // callers only see the changes from the two getWritable calls above.
        setAccessControlEntry(id, copy);
    }
    return recorded;
}
Also used : QName(org.alfresco.service.namespace.QName) ArrayList(java.util.ArrayList) AclChange(org.alfresco.repo.security.permissions.impl.AclChange) SimpleAccessControlEntry(org.alfresco.repo.security.permissions.SimpleAccessControlEntry) SimplePermissionReference(org.alfresco.repo.security.permissions.impl.SimplePermissionReference)

Aggregations

SimpleAccessControlEntry (org.alfresco.repo.security.permissions.SimpleAccessControlEntry)21 SimpleAccessControlListProperties (org.alfresco.repo.security.permissions.SimpleAccessControlListProperties)9 AclChange (org.alfresco.repo.security.permissions.impl.AclChange)9 ArrayList (java.util.ArrayList)8 AccessControlListProperties (org.alfresco.repo.security.permissions.AccessControlListProperties)4 InvalidNodeRefException (org.alfresco.service.cmr.repository.InvalidNodeRefException)3 HashSet (java.util.HashSet)2 AccessControlEntry (org.alfresco.repo.security.permissions.AccessControlEntry)2 AccessControlList (org.alfresco.repo.security.permissions.AccessControlList)2 SimplePermissionReference (org.alfresco.repo.security.permissions.impl.SimplePermissionReference)2 QName (org.alfresco.service.namespace.QName)2 Map (java.util.Map)1 NodePermissionEntry (org.alfresco.repo.security.permissions.NodePermissionEntry)1 PermissionEntry (org.alfresco.repo.security.permissions.PermissionEntry)1 SimpleAccessControlList (org.alfresco.repo.security.permissions.SimpleAccessControlList)1 SimpleNodePermissionEntry (org.alfresco.repo.security.permissions.impl.SimpleNodePermissionEntry)1 SimplePermissionEntry (org.alfresco.repo.security.permissions.impl.SimplePermissionEntry)1 NodeRef (org.alfresco.service.cmr.repository.NodeRef)1