Example 6 with SimpleAccessControlListProperties
use of org.alfresco.repo.security.permissions.SimpleAccessControlListProperties in project alfresco-repository by Alfresco.
the class AclDAOImpl method getCopy.
private Long getCopy(Long toCopy, Long toInheritFrom, ACLCopyMode mode) {
AclUpdateEntity aclToCopy;
Long inheritedId;
Acl aclToInheritFrom;
switch(mode) {
case INHERIT:
if (toCopy.equals(toInheritFrom)) {
return getInheritedAccessControlList(toCopy);
} else {
throw new UnsupportedOperationException();
}
case COW:
aclToCopy = aclCrudDAO.getAclForUpdate(toCopy);
aclToCopy.setRequiresVersion(true);
aclToCopy.setAclChangeSetId(getCurrentChangeSetId());
aclCrudDAO.updateAcl(aclToCopy);
inheritedId = getInheritedAccessControlList(toCopy);
if ((inheritedId != null) && (!inheritedId.equals(toCopy))) {
AclUpdateEntity inheritedAcl = aclCrudDAO.getAclForUpdate(inheritedId);
inheritedAcl.setRequiresVersion(true);
inheritedAcl.setAclChangeSetId(getCurrentChangeSetId());
aclCrudDAO.updateAcl(inheritedAcl);
}
return toCopy;
case REDIRECT:
if ((toInheritFrom != null) && (toInheritFrom.equals(toCopy))) {
return getInheritedAccessControlList(toInheritFrom);
}
aclToCopy = aclCrudDAO.getAclForUpdate(toCopy);
aclToInheritFrom = null;
if (toInheritFrom != null) {
aclToInheritFrom = aclCrudDAO.getAcl(toInheritFrom);
}
switch(aclToCopy.getAclType()) {
case DEFINING:
// So this needs to make a copy in the same way layered does
case LAYERED:
if (toInheritFrom == null) {
return toCopy;
}
// manages cache clearing beneath
List<AclChange> changes = mergeInheritedAccessControlList(toInheritFrom, toCopy);
for (AclChange change : changes) {
if (change.getBefore().equals(toCopy)) {
return change.getAfter();
}
}
throw new UnsupportedOperationException();
case SHARED:
if (aclToInheritFrom != null) {
return getInheritedAccessControlList(toInheritFrom);
} else {
throw new UnsupportedOperationException();
}
case FIXED:
case GLOBAL:
case OLD:
return toCopy;
default:
throw new UnsupportedOperationException();
}
case COPY:
aclToCopy = aclCrudDAO.getAclForUpdate(toCopy);
aclToInheritFrom = null;
if (toInheritFrom != null) {
aclToInheritFrom = aclCrudDAO.getAcl(toInheritFrom);
}
switch(aclToCopy.getAclType()) {
case DEFINING:
SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
properties.setAclType(ACLType.DEFINING);
properties.setInherits(aclToCopy.getInherits());
properties.setVersioned(true);
Long id = createAccessControlList(properties).getId();
AccessControlList indirectAcl = getAccessControlList(toCopy);
for (AccessControlEntry entry : indirectAcl.getEntries()) {
if (entry.getPosition() == 0) {
setAccessControlEntry(id, entry);
}
}
if (aclToInheritFrom != null) {
mergeInheritedAccessControlList(toInheritFrom, id);
}
return id;
case SHARED:
if (aclToInheritFrom != null) {
return getInheritedAccessControlList(toInheritFrom);
} else {
return null;
}
case FIXED:
case GLOBAL:
case LAYERED:
case OLD:
return toCopy;
default:
throw new UnsupportedOperationException();
}
default:
throw new UnsupportedOperationException();
}
}
Also used :
AccessControlList(org.alfresco.repo.security.permissions.AccessControlList)
SimpleAccessControlList(org.alfresco.repo.security.permissions.SimpleAccessControlList)
SimpleAccessControlEntry(org.alfresco.repo.security.permissions.SimpleAccessControlEntry)
AccessControlEntry(org.alfresco.repo.security.permissions.AccessControlEntry)
AclChange(org.alfresco.repo.security.permissions.impl.AclChange)
SimpleAccessControlListProperties(org.alfresco.repo.security.permissions.SimpleAccessControlListProperties)
Example 7 with SimpleAccessControlListProperties
use of org.alfresco.repo.security.permissions.SimpleAccessControlListProperties in project alfresco-repository by Alfresco.
the class AclDAOImpl method getInheritedAccessControlList.
/**
* {@inheritDoc}
*/
@Override
public Long getInheritedAccessControlList(Long id) {
AclUpdateEntity acl = aclCrudDAO.getAclForUpdate(id);
if (acl.getAclType() == ACLType.OLD) {
return null;
}
if ((acl.getInheritedAcl() != null) && (acl.getInheritedAcl() != -1)) {
return acl.getInheritedAcl();
}
Long inheritedAclId = null;
if ((acl.getAclType() == ACLType.DEFINING) || (acl.getAclType() == ACLType.LAYERED)) {
List<AclChange> changes = new ArrayList<AclChange>();
// created shared acl
SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
properties.setAclType(ACLType.SHARED);
properties.setInherits(Boolean.TRUE);
properties.setVersioned(acl.isVersioned());
Long sharedId = createAccessControlList(properties, null, null).getId();
getWritable(sharedId, id, null, null, id, true, changes, WriteMode.ADD_INHERITED);
acl.setInheritedAcl(sharedId);
inheritedAclId = sharedId;
} else {
acl.setInheritedAcl(acl.getId());
inheritedAclId = acl.getId();
}
acl.setAclChangeSetId(getCurrentChangeSetId());
aclCrudDAO.updateAcl(acl);
return inheritedAclId;
}
Also used :
ArrayList(java.util.ArrayList)
AclChange(org.alfresco.repo.security.permissions.impl.AclChange)
SimpleAccessControlListProperties(org.alfresco.repo.security.permissions.SimpleAccessControlListProperties)
Example 8 with SimpleAccessControlListProperties
use of org.alfresco.repo.security.permissions.SimpleAccessControlListProperties in project alfresco-repository by Alfresco.
the class ADMPermissionsDaoComponentImpl method replaceWithCleanDefiningAcl.
/**
* @param nodeRef NodeRef
* @param acl Acl
*/
private void replaceWithCleanDefiningAcl(NodeRef nodeRef, Acl acl) {
// TODO: could just clear out existing
SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
properties = new SimpleAccessControlListProperties();
properties.setAclType(ACLType.DEFINING);
properties.setInherits(Boolean.FALSE);
properties.setVersioned(false);
Acl newAcl = aclDaoComponent.createAccessControlList(properties);
long id = newAcl.getId();
getACLDAO(nodeRef).setAccessControlList(nodeRef, newAcl);
List<AclChange> changes = new ArrayList<AclChange>();
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, id, acl.getInheritedAcl()));
getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
aclDaoComponent.deleteAccessControlList(acl.getId());
}
Also used :
ArrayList(java.util.ArrayList)
SimpleAccessControlListProperties(org.alfresco.repo.security.permissions.SimpleAccessControlListProperties)
AclChange(org.alfresco.repo.security.permissions.impl.AclChange)
Example 9 with SimpleAccessControlListProperties
use of org.alfresco.repo.security.permissions.SimpleAccessControlListProperties in project alfresco-repository by Alfresco.
the class ADMAccessControlListDAO method fixOldDmAcls.
private CounterSet fixOldDmAcls(Long nodeId, Long existingNodeAclId, Long inheritedAclId, boolean isRoot) {
CounterSet result = new CounterSet();
// If existingNodeAclId is not null and equal to inheritedAclId then we know we have hit a shared ACL we have bulk set
// - just carry on in this case - we do not need to get the acl
Long newDefiningAcl = null;
if ((existingNodeAclId != null) && (existingNodeAclId.equals(inheritedAclId))) {
// nothing to do except move into the children
} else {
AccessControlList existing = null;
if (existingNodeAclId != null) {
existing = aclDaoComponent.getAccessControlList(existingNodeAclId);
}
if (existing != null) {
if (existing.getProperties().getAclType() == ACLType.OLD) {
result.increment(ACLType.DEFINING);
SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties(aclDaoComponent.getDefaultProperties());
properties.setInherits(existing.getProperties().getInherits());
Long actuallyInherited = null;
if (existing.getProperties().getInherits()) {
if (inheritedAclId != null) {
actuallyInherited = inheritedAclId;
}
}
Acl newAcl = aclDaoComponent.createAccessControlList(properties, existing.getEntries(), actuallyInherited);
newDefiningAcl = newAcl.getId();
nodeDAO.setNodeAclId(nodeId, newDefiningAcl);
} else if (existing.getProperties().getAclType() == ACLType.SHARED) {
// nothing to do just cascade into the children - we most likely did a bulk set above.
// TODO: Check shared ACL set is correct
} else {
// Check inheritance is correct
return result;
}
} else {
// Set default ACL on roots with no settings
if (isRoot) {
result.increment(ACLType.DEFINING);
AccessControlListProperties properties = aclDaoComponent.getDefaultProperties();
Acl newAcl = aclDaoComponent.createAccessControlList(properties);
newDefiningAcl = newAcl.getId();
nodeDAO.setNodeAclId(nodeId, newDefiningAcl);
} else {
// Unset - simple inherit
nodeDAO.setNodeAclId(nodeId, inheritedAclId);
}
}
}
Long toInherit = null;
List<NodeIdAndAclId> children = nodeDAO.getPrimaryChildrenAcls(nodeId);
if (children.size() > 0) {
// Only make inherited if required
if (newDefiningAcl == null) {
toInherit = inheritedAclId;
} else {
toInherit = aclDaoComponent.getInheritedAccessControlList(newDefiningAcl);
}
}
if (children.size() > 0) {
nodeDAO.setPrimaryChildrenSharedAclId(nodeId, null, toInherit);
}
for (NodeIdAndAclId child : children) {
CounterSet update = fixOldDmAcls(child.getId(), child.getAclId(), toInherit, false);
result.add(update);
}
return result;
}
Also used :
AccessControlList(org.alfresco.repo.security.permissions.AccessControlList)
AccessControlListProperties(org.alfresco.repo.security.permissions.AccessControlListProperties)
SimpleAccessControlListProperties(org.alfresco.repo.security.permissions.SimpleAccessControlListProperties)
SimpleAccessControlListProperties(org.alfresco.repo.security.permissions.SimpleAccessControlListProperties)
NodeIdAndAclId(org.alfresco.repo.domain.node.NodeIdAndAclId)
Example 10 with SimpleAccessControlListProperties
use of org.alfresco.repo.security.permissions.SimpleAccessControlListProperties in project alfresco-repository by Alfresco.
the class ADMPermissionsDaoComponentImpl method createAccessControlList.
@Override
protected CreationReport createAccessControlList(NodeRef nodeRef, boolean inherit, Acl existing) {
if (existing == null) {
SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
properties.setAclType(ACLType.DEFINING);
properties.setInherits(inherit);
properties.setVersioned(false);
Acl acl = aclDaoComponent.createAccessControlList(properties);
long id = acl.getId();
List<AclChange> changes = new ArrayList<AclChange>();
changes.add(new AclDAOImpl.AclChangeImpl(null, id, null, acl.getAclType()));
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, id, null));
getACLDAO(nodeRef).setAccessControlList(nodeRef, acl);
return new CreationReport(acl, changes);
}
SimpleAccessControlListProperties properties;
Long id;
List<AclChange> changes;
Acl acl;
switch(existing.getAclType()) {
case OLD:
throw new IllegalStateException("Can not mix old and new style permissions");
case DEFINING:
return new CreationReport(existing, Collections.<AclChange>emptyList());
case FIXED:
case GLOBAL:
case SHARED:
// create new defining, wire up and report changes to acl required.
properties = new SimpleAccessControlListProperties();
properties.setAclType(ACLType.DEFINING);
properties.setInherits(existing.getInherits());
properties.setVersioned(false);
acl = aclDaoComponent.createAccessControlList(properties);
id = acl.getId();
changes = new ArrayList<AclChange>();
changes.add(new AclDAOImpl.AclChangeImpl(existing.getId(), id, existing.getAclType(), acl.getAclType()));
changes.addAll(aclDaoComponent.mergeInheritedAccessControlList(existing.getId(), id));
// set this to inherit to children
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, id, aclDaoComponent.getInheritedAccessControlList(existing.getId())));
getACLDAO(nodeRef).setAccessControlList(nodeRef, acl);
return new CreationReport(acl, changes);
case LAYERED:
throw new IllegalStateException("Layering is not supported for DM permissions");
default:
throw new IllegalStateException("Unknown type " + existing.getAclType());
}
}
Also used :
ArrayList(java.util.ArrayList)
SimpleAccessControlListProperties(org.alfresco.repo.security.permissions.SimpleAccessControlListProperties)
AclChange(org.alfresco.repo.security.permissions.impl.AclChange)
Aggregations
SimpleAccessControlListProperties (org.alfresco.repo.security.permissions.SimpleAccessControlListProperties)21
AccessControlListProperties (org.alfresco.repo.security.permissions.AccessControlListProperties)9
SimpleAccessControlEntry (org.alfresco.repo.security.permissions.SimpleAccessControlEntry)9
AclChange (org.alfresco.repo.security.permissions.impl.AclChange)4
ArrayList (java.util.ArrayList)3
AccessControlList (org.alfresco.repo.security.permissions.AccessControlList)3
HashSet (java.util.HashSet)2
NodeIdAndAclId (org.alfresco.repo.domain.node.NodeIdAndAclId)1
AccessControlEntry (org.alfresco.repo.security.permissions.AccessControlEntry)1
SimpleAccessControlList (org.alfresco.repo.security.permissions.SimpleAccessControlList)1
