
Example 6 with AccessPermission

use of org.alfresco.service.cmr.security.AccessPermission in project alfresco-remote-api by Alfresco.

the class NodeBrowserPost method getPermissions.

/**
 * Lists the permissions set on a node, as seen by the current user.
 *
 * <p>The permission service is first asked whether the caller holds
 * {@code PermissionService.READ_PERMISSIONS} on the node. Only when the answer is
 * {@code AccessStatus.ALLOWED} are the node's set permissions fetched and converted; for any
 * other answer the node's permissions are never read and a single placeholder entry is
 * returned instead.
 *
 * @param nodeRef the node whose permissions are requested
 * @return one {@code Permission} per entry reported by the permission service, or a
 *         one-element list holding a {@code NoReadPermissionGranted} marker when the caller
 *         may not read the node's permissions; never {@code null}
 */
public List<Permission> getPermissions(NodeRef nodeRef) {
    AccessStatus readAccess = this.getPermissionService().hasPermission(nodeRef, PermissionService.READ_PERMISSIONS);
    if (!readAccess.equals(AccessStatus.ALLOWED)) {
        // Caller may not see the ACL: return only the marker entry, never the real permissions.
        List<Permission> denied = new ArrayList<Permission>(1);
        denied.add(new NoReadPermissionGranted());
        return denied;
    }
    List<Permission> visible = new ArrayList<Permission>();
    for (AccessPermission entry : getPermissionService().getAllSetPermissions(nodeRef)) {
        visible.add(new Permission(entry.getPermission(), entry.getAuthority(), entry.getAccessStatus().toString()));
    }
    return visible;
}
Also used : AccessPermission(org.alfresco.service.cmr.security.AccessPermission) ArrayList(java.util.ArrayList) AccessPermission(org.alfresco.service.cmr.security.AccessPermission) AccessStatus(org.alfresco.service.cmr.security.AccessStatus)

Example 7 with AccessPermission

use of org.alfresco.service.cmr.security.AccessPermission in project alfresco-remote-api by Alfresco.

the class NodesImpl method processNodePermissions.

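/**
 * Applies the permission settings carried by {@code nodeInfo} to the given node.
 *
 * <p>Nothing happens when the request has no permissions element. Otherwise the method rejects
 * any supplied inherited permissions, updates the inherit-from-parent flag when it differs from
 * the stored value, and, when a locally-set list is supplied, makes the node's directly set
 * permissions match that list: missing entries are added, entries whose access status differs
 * are rewritten, and directly set permissions absent from the list are deleted.
 *
 * <p>NOTE(review): no authorization check is visible in this method; presumably the permission
 * service or the caller enforces that the current user may change this node's permissions -
 * confirm. Entries are validated and written one at a time, so a validation failure on a later
 * entry happens after earlier entries were already written; this presumably relies on the
 * enclosing transaction being rolled back - confirm.
 *
 * @param nodeRef the node whose permissions are changed
 * @param nodeInfo the request model; its permissions element may be {@code null}
 * @throws InvalidArgumentException if inherited permissions are supplied, the locally-set list
 *         contains duplicates, an entry lacks an authority id or permission name, names an
 *         unknown authority, carries an unknown access status, or names a permission the
 *         permission service does not support
 */
protected void processNodePermissions(NodeRef nodeRef, Node nodeInfo) {
    NodePermissions nodePerms = nodeInfo.getPermissions();
    if (nodePerms == null) {
        return;
    }
    // Cannot set inherited permissions, only direct (locally set) permissions can be set
    if ((nodePerms.getInherited() != null) && (nodePerms.getInherited().size() > 0)) {
        throw new InvalidArgumentException("Cannot set *inherited* permissions on this node");
    }
    // Check inherit from parent value and if it's changed set the new value
    if (nodePerms.getIsInheritanceEnabled() != null) {
        if (nodePerms.getIsInheritanceEnabled() != permissionService.getInheritParentPermissions(nodeRef)) {
            permissionService.setInheritParentPermissions(nodeRef, nodePerms.getIsInheritanceEnabled());
        }
    }
    // Without a locally-set list the direct permissions are left untouched.
    if (nodePerms.getLocallySet() == null) {
        return;
    }
    // Directly set permissions currently on the node. Entries named in the request are removed
    // from this set as they are processed; whatever is left at the end gets deleted.
    Set<AccessPermission> directPerms = new HashSet<>(5);
    for (AccessPermission accessPerm : permissionService.getAllSetPermissions(nodeRef)) {
        if (accessPerm.isSetDirectly()) {
            directPerms.add(accessPerm);
        }
    }
    // check if same permission is sent more than once
    if (hasDuplicatePermissions(nodePerms.getLocallySet())) {
        throw new InvalidArgumentException("Duplicate node permissions, there is more than one permission with the same authority and name!");
    }
    for (NodePermissions.NodePermission nodePerm : nodePerms.getLocallySet()) {
        String permName = nodePerm.getName();
        String authorityId = nodePerm.getAuthorityId();
        // A missing access status defaults to ALLOWED.
        AccessStatus accessStatus = AccessStatus.ALLOWED;
        if (nodePerm.getAccessStatus() != null) {
            try {
                accessStatus = AccessStatus.valueOf(nodePerm.getAccessStatus());
            } catch (IllegalArgumentException e) {
                // The status string comes from the request; report an unrecognised value the same
                // way as every other validation failure here instead of letting the raw
                // IllegalArgumentException from valueOf escape.
                throw new InvalidArgumentException("Cannot set permissions on this node - unknown access status: " + nodePerm.getAccessStatus());
            }
        }
        if (authorityId == null || authorityId.isEmpty()) {
            throw new InvalidArgumentException("Authority Id is expected.");
        }
        if (permName == null || permName.isEmpty()) {
            throw new InvalidArgumentException("Permission name is expected.");
        }
        // Only the all-authorities constant or an authority known to the authority service is accepted.
        if (!authorityId.equals(PermissionService.ALL_AUTHORITIES) && !authorityService.authorityExists(authorityId)) {
            throw new InvalidArgumentException("Cannot set permissions on this node - unknown authority: " + authorityId);
        }
        // Look for a directly set permission with the same authority and permission name.
        AccessPermission existing = null;
        for (AccessPermission accessPerm : directPerms) {
            if (accessPerm.getAuthority().equals(authorityId) && accessPerm.getPermission().equals(permName)) {
                existing = accessPerm;
                break;
            }
        }
        // Write when the entry is new, or when it exists with a different access status.
        boolean needsWrite = (existing == null) || (existing.getAccessStatus() != accessStatus);
        if (existing != null) {
            // Named in the request, so it must not be deleted by the clean-up loop below.
            directPerms.remove(existing);
        }
        if (needsWrite) {
            try {
                // Any status other than ALLOWED is stored as a deny.
                permissionService.setPermission(nodeRef, authorityId, permName, (accessStatus == AccessStatus.ALLOWED));
            } catch (UnsupportedOperationException e) {
                throw new InvalidArgumentException("Cannot set permissions on this node - unknown access level: " + permName);
            }
        }
    }
    // remove any remaining direct perms: the request replaces the whole locally set list
    for (AccessPermission accessPerm : directPerms) {
        permissionService.deletePermission(nodeRef, accessPerm.getAuthority(), accessPerm.getPermission());
    }
}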
Also used : InvalidArgumentException(org.alfresco.rest.framework.core.exceptions.InvalidArgumentException) NodePermissions(org.alfresco.rest.api.model.NodePermissions) AccessPermission(org.alfresco.service.cmr.security.AccessPermission) LinkedHashSet(java.util.LinkedHashSet) HashSet(java.util.HashSet) AccessStatus(org.alfresco.service.cmr.security.AccessStatus)

Example 8 with AccessPermission

use of org.alfresco.service.cmr.security.AccessPermission in project alfresco-remote-api by Alfresco.

the class SiteServiceTest method checkPermissions.

/**
 * Asserts that the node carries the expected permission for the given authority.
 *
 * <p>The first set permission whose authority equals {@code necessatyAuth} decides the outcome:
 * the check passes if its permission equals {@code expectedPermission} and fails otherwise. The
 * check also fails when no set permission names the authority at all.
 *
 * <p>NOTE(review): when an authority holds more than one permission on the node, the outcome
 * depends on the iteration order of the returned set - confirm each authority has one entry.
 *
 * @param nodeRef the node to inspect
 * @param necessatyAuth the authority that must be present
 * @param expectedPermission the permission that authority must hold
 * @param actionInfo free text appended to the failure message to locate the failing step
 */
private void checkPermissions(NodeRef nodeRef, String necessatyAuth, String expectedPermission, String actionInfo) {
    for (AccessPermission entry : permissionService.getAllSetPermissions(nodeRef)) {
        if (!necessatyAuth.equals(entry.getAuthority())) {
            continue;
        }
        if (expectedPermission.equals(entry.getPermission())) {
            return;
        }
        fail("Expected permissions for authority \"" + necessatyAuth + "\" are incorrect. Expected: " + expectedPermission + ", but actual permission: " + entry.getPermission() + ". Check position: " + actionInfo);
    }
    fail("Expected authority \"" + necessatyAuth + "\" wasn't found. Check position: " + actionInfo);
}
Also used : AccessPermission(org.alfresco.service.cmr.security.AccessPermission)

Example 9 with AccessPermission

use of org.alfresco.service.cmr.security.AccessPermission in project alfresco-remote-api by Alfresco.

the class NodeApiTest method validatePermissions.

/**
 * Asserts that every expected permission is present among the permissions set on the node.
 *
 * <p>Only the expected entries are walked, so permissions set on the node that are not in
 * {@code expectedPermissions} are not detected by this check.
 *
 * @param nodeRef the node whose set permissions are read
 * @param expectedPermissions the entries that must be found, looked up by authority id
 */
private void validatePermissions(NodeRef nodeRef, List<NodePermissions.NodePermission> expectedPermissions) {
    Set<AccessPermission> actualPermissions = permissionService.getAllSetPermissions(nodeRef);
    for (NodePermissions.NodePermission expected : expectedPermissions) {
        String expectedAuthority = expected.getAuthorityId();
        AccessPermission actual = getPermission(actualPermissions, expectedAuthority);
        assertNotNull("Permission " + expectedAuthority + " missing", actual);
        assertEquals(expectedAuthority, actual.getAuthority());
        comparePermissions(expectedAuthority, expected, actual);
    }
}
Also used : NodePermissions(org.alfresco.rest.api.model.NodePermissions) AccessPermission(org.alfresco.service.cmr.security.AccessPermission)

Example 10 with AccessPermission

use of org.alfresco.service.cmr.security.AccessPermission in project alfresco-repository by Alfresco.

the class RenameSiteAuthorityDisplayName method renameDispayNames.

/**
 * Renames the display names of the group authorities that hold permissions on the given sites.
 *
 * <p>The sites are handed to a {@code BatchProcessor} in batches of at most {@code BATCH_SIZE}.
 * Before each batch the worker disables rules and switches the run-as user to the system user
 * of the tenant domain captured when this method was called; after the batch it re-enables
 * rules and clears the current security context.
 *
 * @param siteInfos
 *            list of sites
 */
private void renameDispayNames(final List<SiteInfo> siteInfos) {
    final String tenantDomain = tenantAdminService.getCurrentUserDomain();
    final Iterator<SiteInfo> siteCursor = siteInfos.listIterator();
    BatchProcessWorkProvider<SiteInfo> siteWorkProvider = new BatchProcessWorkProvider<SiteInfo>() {

        @Override
        public int getTotalEstimatedWorkSize() {
            return siteInfos.size();
        }

        @Override
        public Collection<SiteInfo> getNextWork() {
            // Hand out the next slice of at most BATCH_SIZE sites; an empty list means no work is left.
            List<SiteInfo> batch = new ArrayList<SiteInfo>(BATCH_SIZE);
            for (int taken = 0; taken < BATCH_SIZE && siteCursor.hasNext(); taken++) {
                batch.add(siteCursor.next());
            }
            return batch;
        }
    };
    // prepare the batch processor and worker object
    BatchProcessor<SiteInfo> siteBatchProcessor = new BatchProcessor<SiteInfo>("RenameSiteAuthorityDisplayName", this.transactionHelper, siteWorkProvider, BATCH_THREADS, BATCH_SIZE, this.applicationEventPublisher, progress_logger, BATCH_SIZE * 10);
    BatchProcessWorker<SiteInfo> worker = new BatchProcessWorker<SiteInfo>() {

        @Override
        public String getIdentifier(SiteInfo entry) {
            return entry.getShortName();
        }

        @Override
        public void beforeProcess() throws Throwable {
            // Disable rules
            ruleService.disableRules();
            // Authentication: the work runs as the tenant's system user
            String tenantSystemUser = tenantAdminService.getDomainUser(AuthenticationUtil.getSystemUserName(), tenantDomain);
            AuthenticationUtil.setRunAsUser(tenantSystemUser);
        }

        @Override
        public void afterProcess() throws Throwable {
            // Enable rules
            ruleService.enableRules();
            // Clear authentication so the system identity does not outlive the batch
            AuthenticationUtil.clearCurrentSecurityContext();
        }

        @Override
        public void process(SiteInfo siteInfo) throws Throwable {
            // Walk every permission set on the site node
            for (AccessPermission sitePermission : permissionService.getAllSetPermissions(siteInfo.getNodeRef())) {
                // Use only GROUP authority
                if (sitePermission.getAuthorityType() != AuthorityType.GROUP) {
                    continue;
                }
                String authorityName = sitePermission.getAuthority();
                String currDisplayName = authorityService.getAuthorityDisplayName(authorityName);
                // NOTE(review): assumes siteService is a SiteServiceImpl instance; the cast fails otherwise - confirm.
                SiteServiceImpl siteServiceImpl = (SiteServiceImpl) siteService;
                String necessaryName = siteServiceImpl.getSiteRoleGroup(siteInfo.getShortName(), sitePermission.getPermission(), false);
                String alternativeName = siteServiceImpl.getSiteRoleGroup(siteInfo.getShortName(), sitePermission.getPermission(), true);
                // check for correct displayName
                // NOTE(review): the rename is skipped only when the current display name matches BOTH
                // candidate names (ignoring case); a name equal to just one of them is still
                // rewritten - confirm this is intended.
                boolean matchesBoth = necessaryName.equalsIgnoreCase(currDisplayName) && alternativeName.equalsIgnoreCase(currDisplayName);
                if (!matchesBoth) {
                    // fix incorrect display name
                    authorityService.setAuthorityDisplayName(authorityName, necessaryName);
                }
            }
        }
    };
    siteBatchProcessor.process(worker, true);
}
Also used : SiteInfo(org.alfresco.service.cmr.site.SiteInfo) ArrayList(java.util.ArrayList) AccessPermission(org.alfresco.service.cmr.security.AccessPermission) SiteServiceImpl(org.alfresco.repo.site.SiteServiceImpl) BatchProcessWorkProvider(org.alfresco.repo.batch.BatchProcessWorkProvider) BatchProcessWorker(org.alfresco.repo.batch.BatchProcessor.BatchProcessWorker) BatchProcessor(org.alfresco.repo.batch.BatchProcessor)

Aggregations

AccessPermission (org.alfresco.service.cmr.security.AccessPermission)52 NodeRef (org.alfresco.service.cmr.repository.NodeRef)21 ArrayList (java.util.ArrayList)15 HashSet (java.util.HashSet)14 HashMap (java.util.HashMap)13 ChildAssociationRef (org.alfresco.service.cmr.repository.ChildAssociationRef)7 Test (org.junit.Test)7 Serializable (java.io.Serializable)5 List (java.util.List)5 Map (java.util.Map)5 Set (java.util.Set)5 AccessPermissionImpl (org.alfresco.repo.security.permissions.impl.AccessPermissionImpl)5 AccessStatus (org.alfresco.service.cmr.security.AccessStatus)5 QName (org.alfresco.service.namespace.QName)5 LinkedHashSet (java.util.LinkedHashSet)4 AccessDeniedException (org.alfresco.repo.security.permissions.AccessDeniedException)4 FacesContext (javax.faces.context.FacesContext)3 AlfrescoRuntimeException (org.alfresco.error.AlfrescoRuntimeException)3 FilterPropString (org.alfresco.repo.node.getchildren.FilterPropString)3 PermissionReference (org.alfresco.repo.security.permissions.PermissionReference)3