Example 11 with SimplePermissionEntry
use of org.alfresco.repo.security.permissions.impl.SimplePermissionEntry in project alfresco-repository by Alfresco.
the class AbstractPermissionsDaoComponentImpl method createSimpleNodePermissionEntry.
private SimpleNodePermissionEntry createSimpleNodePermissionEntry(StoreRef storeRef) {
Acl acl = getACLDAO(storeRef).getAccessControlList(storeRef);
if (acl == null) {
// there isn't an access control list for the node - spoof a null one
SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(null, true, Collections.<SimplePermissionEntry>emptyList());
return snpe;
} else {
AccessControlList info = aclDaoComponent.getAccessControlList(acl.getId());
ArrayList<SimplePermissionEntry> spes = new ArrayList<SimplePermissionEntry>(info.getEntries().size());
for (AccessControlEntry entry : info.getEntries()) {
SimplePermissionEntry spe = new SimplePermissionEntry(null, entry.getPermission(), entry.getAuthority(), entry.getAccessStatus(), entry.getPosition());
spes.add(spe);
}
SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(null, acl.getInherits(), spes);
return snpe;
}
}
Also used :
AccessControlList(org.alfresco.repo.security.permissions.AccessControlList)
SimpleNodePermissionEntry(org.alfresco.repo.security.permissions.impl.SimpleNodePermissionEntry)
ArrayList(java.util.ArrayList)
SimplePermissionEntry(org.alfresco.repo.security.permissions.impl.SimplePermissionEntry)
SimpleAccessControlEntry(org.alfresco.repo.security.permissions.SimpleAccessControlEntry)
AccessControlEntry(org.alfresco.repo.security.permissions.AccessControlEntry)
Example 12 with SimplePermissionEntry
use of org.alfresco.repo.security.permissions.impl.SimplePermissionEntry in project alfresco-repository by Alfresco.
the class AbstractPermissionsDaoComponentImpl method createSimpleNodePermissionEntry.
// Utility methods to create simple detached objects for the outside world
// We do not pass out the hibernate objects
private SimpleNodePermissionEntry createSimpleNodePermissionEntry(NodeRef nodeRef) {
Acl acl = getACLDAO(nodeRef).getAccessControlList(nodeRef);
if (acl == null) {
// there isn't an access control list for the node - spoof a null one
SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(nodeRef, true, Collections.<SimplePermissionEntry>emptyList());
return snpe;
} else {
AccessControlList info = aclDaoComponent.getAccessControlList(acl.getId());
SimpleNodePermissionEntry cached = info.getCachedSimpleNodePermissionEntry();
if (cached != null) {
return cached;
}
ArrayList<SimplePermissionEntry> spes = new ArrayList<SimplePermissionEntry>(info.getEntries().size());
for (AccessControlEntry entry : info.getEntries()) {
SimplePermissionEntry spe = new SimplePermissionEntry(nodeRef, entry.getPermission(), entry.getAuthority(), entry.getAccessStatus(), entry.getPosition());
spes.add(spe);
}
SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(nodeRef, acl.getInherits(), spes);
info.setCachedSimpleNodePermissionEntry(snpe);
return snpe;
}
}
Also used :
AccessControlList(org.alfresco.repo.security.permissions.AccessControlList)
SimpleNodePermissionEntry(org.alfresco.repo.security.permissions.impl.SimpleNodePermissionEntry)
ArrayList(java.util.ArrayList)
SimplePermissionEntry(org.alfresco.repo.security.permissions.impl.SimplePermissionEntry)
SimpleAccessControlEntry(org.alfresco.repo.security.permissions.SimpleAccessControlEntry)
AccessControlEntry(org.alfresco.repo.security.permissions.AccessControlEntry)
Example 13 with SimplePermissionEntry
use of org.alfresco.repo.security.permissions.impl.SimplePermissionEntry in project alfresco-remote-api by Alfresco.
the class CommentsApiTest method testCommentPermissions.
/**
* MNT-9771
* @throws Exception
*/
public void testCommentPermissions() throws Exception {
authenticationComponent.setCurrentUser(AuthenticationUtil.getAdminUserName());
UserTransaction txn = transactionService.getUserTransaction();
txn.begin();
NodeRef contentForUserContributor = fileFolderService.create(companyHomeNodeRef, "CommentyContributor" + System.currentTimeMillis(), ContentModel.TYPE_CONTENT).getNodeRef();
permissionService.setPermission(new SimplePermissionEntry(contentForUserContributor, getPermission(PermissionService.CONTRIBUTOR), USER_TEST, AccessStatus.ALLOWED));
NodeRef contentForUserConsumer = fileFolderService.create(companyHomeNodeRef, "CommentyConsumer" + System.currentTimeMillis(), ContentModel.TYPE_CONTENT).getNodeRef();
permissionService.setPermission(new SimplePermissionEntry(contentForUserConsumer, getPermission(PermissionService.CONSUMER), USER_TEST, AccessStatus.ALLOWED));
// Contributor should be able to add comments
addComment(contentForUserContributor, USER_TEST, 200);
// Hack. Internally, the addComment starts and rolls back the next txn.
txn.commit();
// Consumer shouldn't be able to add comments see MNT-9883
addComment(contentForUserConsumer, USER_TEST, 500);
txn = transactionService.getUserTransaction();
txn.begin();
nodeService.deleteNode(contentForUserContributor);
nodeService.deleteNode(contentForUserConsumer);
txn.commit();
}
Also used :
UserTransaction(javax.transaction.UserTransaction)
NodeRef(org.alfresco.service.cmr.repository.NodeRef)
SimplePermissionEntry(org.alfresco.repo.security.permissions.impl.SimplePermissionEntry)
Example 14 with SimplePermissionEntry
use of org.alfresco.repo.security.permissions.impl.SimplePermissionEntry in project alfresco-repository by Alfresco.
the class ACLEntryVoterTest method testBasicAllowNode.
public void testBasicAllowNode() throws Exception {
runAs("andy");
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED));
Object o = new ClassWithMethods();
Method method = o.getClass().getMethod("testOneNodeRef", new Class[] { NodeRef.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_NODE.0.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
method.invoke(proxy, new Object[] { rootNodeRef });
}
Also used :
SingletonTargetSource(org.springframework.aop.target.SingletonTargetSource)
ProxyFactory(org.springframework.aop.framework.ProxyFactory)
SimplePermissionEntry(org.alfresco.repo.security.permissions.impl.SimplePermissionEntry)
GlobalAdvisorAdapterRegistry(org.springframework.aop.framework.adapter.GlobalAdvisorAdapterRegistry)
AdvisorAdapterRegistry(org.springframework.aop.framework.adapter.AdvisorAdapterRegistry)
Method(java.lang.reflect.Method)
MethodInterceptor(org.aopalliance.intercept.MethodInterceptor)
Example 15 with SimplePermissionEntry
use of org.alfresco.repo.security.permissions.impl.SimplePermissionEntry in project alfresco-repository by Alfresco.
the class ACLEntryAfterInvocationTest method testWhenNodesCheckedExceedsTargetResultCount.
public void testWhenNodesCheckedExceedsTargetResultCount() throws IllegalArgumentException, IllegalAccessException, InvocationTargetException, SecurityException, NoSuchMethodException {
// ALF-11709: If 'count' nodes have been checked and that number exceeds targetResultCount
// this should not stop further checks from happening, when the number of successful
// security checks ('keepValues') is less then targetResultCount. If this does not hold true,
// then in the case where the first targetResultCount checks are unsuccessful then the
// method will not return any values that should be present. For example, if user_9999 looks
// at User Homes, and there are folders user_0001 through to user_9998 being checked before user_9999's
// folder - then if targetResultCount is only 1000, user_9999 will not see any folders in User Homes
// however, they should see one folder - their own.
runAs(AuthenticationUtil.getAdminUserName());
NodeRef n1 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
NodeRef n2 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
NodeRef n3 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
NodeRef n4 = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
// Set nodes n1..n3 to be unviewable by "andy" (using inherited permissions)
permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.ALL_PERMISSIONS), "andy", AccessStatus.DENIED));
// The last node n4 can be seen (override the inherited permissions)
permissionService.setPermission(new SimplePermissionEntry(n4, getPermission(PermissionService.ALL_PERMISSIONS), "andy", AccessStatus.ALLOWED));
runAs("andy");
Object o = new ClassWithMethods();
Method methodCollection = o.getClass().getMethod("echoCollection", new Class[] { Collection.class });
AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance();
ProxyFactory proxyFactory = new ProxyFactory();
proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("AFTER_ACL_NODE.sys:base.Read")));
proxyFactory.setTargetSource(new SingletonTargetSource(o));
Object proxy = proxyFactory.getProxy();
List<NodeRef> nodeRefList = new ArrayList<NodeRef>(Arrays.asList(n1, n2, n3, n4));
// targetResultCount = 3. The first three nodes are not visible by the user, so the logic
// must not count those towards the targetResultCount cutoff.
Collection<?> answerCollection = (Collection<?>) methodCollection.invoke(proxy, new Object[] { PermissionCheckCollectionMixin.create(nodeRefList, 3, 0, 0) });
assertEquals(1, answerCollection.size());
assertEquals(n4, answerCollection.iterator().next());
}
Also used :
ProxyFactory(org.springframework.aop.framework.ProxyFactory)
ArrayList(java.util.ArrayList)
Method(java.lang.reflect.Method)
SingletonTargetSource(org.springframework.aop.target.SingletonTargetSource)
NodeRef(org.alfresco.service.cmr.repository.NodeRef)
SimplePermissionEntry(org.alfresco.repo.security.permissions.impl.SimplePermissionEntry)
GlobalAdvisorAdapterRegistry(org.springframework.aop.framework.adapter.GlobalAdvisorAdapterRegistry)
AdvisorAdapterRegistry(org.springframework.aop.framework.adapter.AdvisorAdapterRegistry)
Collection(java.util.Collection)
MethodInterceptor(org.aopalliance.intercept.MethodInterceptor)
Aggregations
SimplePermissionEntry (org.alfresco.repo.security.permissions.impl.SimplePermissionEntry)32
Method (java.lang.reflect.Method)26
MethodInterceptor (org.aopalliance.intercept.MethodInterceptor)26
ProxyFactory (org.springframework.aop.framework.ProxyFactory)26
AdvisorAdapterRegistry (org.springframework.aop.framework.adapter.AdvisorAdapterRegistry)26
GlobalAdvisorAdapterRegistry (org.springframework.aop.framework.adapter.GlobalAdvisorAdapterRegistry)26
SingletonTargetSource (org.springframework.aop.target.SingletonTargetSource)26
InvocationTargetException (java.lang.reflect.InvocationTargetException)10
NodeRef (org.alfresco.service.cmr.repository.NodeRef)8
ArrayList (java.util.ArrayList)6
Collection (java.util.Collection)3
SimpleNodePermissionEntry (org.alfresco.repo.security.permissions.impl.SimpleNodePermissionEntry)3
HashSet (java.util.HashSet)2
ChildAssocRefResultSet (org.alfresco.repo.search.results.ChildAssocRefResultSet)2
AccessControlEntry (org.alfresco.repo.security.permissions.AccessControlEntry)2
AccessControlList (org.alfresco.repo.security.permissions.AccessControlList)2
SimpleAccessControlEntry (org.alfresco.repo.security.permissions.SimpleAccessControlEntry)2
ChildAssociationRef (org.alfresco.service.cmr.repository.ChildAssociationRef)2
ResultSet (org.alfresco.service.cmr.search.ResultSet)2
LinkedList (java.util.LinkedList)1
