Example 21 with AccessPermission
use of org.alfresco.service.cmr.security.AccessPermission in project alfresco-repository by Alfresco.
the class RepoPrimaryManifestProcessorImpl method update.
/**
* @param node TransferManifestNormalNode
* @param resolvedNodes ResolvedParentChildPair
* @param primaryParentAssoc ChildAssociationRef
*/
private void update(TransferManifestNormalNode node, ResolvedParentChildPair resolvedNodes, ChildAssociationRef primaryParentAssoc) {
NodeRef nodeToUpdate = resolvedNodes.resolvedChild;
/**
* Check that if the destination is "from" the transferring repo if it is "from" another repo then ignore
*/
if (nodeService.hasAspect(nodeToUpdate, TransferModel.ASPECT_TRANSFERRED)) {
String fromRepository = (String) nodeService.getProperty(nodeToUpdate, TransferModel.PROP_FROM_REPOSITORY_ID);
String transferringRepo = header.getRepositoryId();
if (fromRepository != null && transferringRepo != null) {
if (!fromRepository.equalsIgnoreCase(transferringRepo)) {
logComment("Not updating local node (not from the transferring repository): " + node.getNodeRef());
return;
}
}
} else {
logComment("Not updating local node - node is local to this repository): " + node.getNodeRef());
// Not a transferred node.
return;
}
QName parentAssocType = primaryParentAssoc.getTypeQName();
QName parentAssocName = primaryParentAssoc.getQName();
NodeRef parentNodeRef = resolvedNodes.resolvedParent;
if (parentNodeRef == null) {
// We can't find the node's parent.
// We'll store the node in a temporary location and record it for
// later processing
ChildAssociationRef tempLocation = getTemporaryLocation(node.getNodeRef());
parentNodeRef = tempLocation.getParentRef();
parentAssocType = tempLocation.getTypeQName();
parentAssocName = tempLocation.getQName();
storeOrphanNode(primaryParentAssoc);
}
// First of all, do we need to move the node? If any aspect of the
// primary parent association has changed
// then the answer is "yes"
ChildAssociationRef currentParent = nodeService.getPrimaryParent(nodeToUpdate);
if (!currentParent.getParentRef().equals(parentNodeRef) || !currentParent.getTypeQName().equals(parentAssocType) || !currentParent.getQName().equals(parentAssocName)) {
/**
* Yes, the parent assoc has changed so we need to move the node
*/
if (nodeService.hasAspect(currentParent.getParentRef(), TransferModel.ASPECT_ALIEN)) {
// old parent node ref may be alien so treat as a delete
alienProcessor.beforeDeleteAlien(currentParent.getChildRef(), null);
}
// Yes, we need to move the node
ChildAssociationRef newNode = nodeService.moveNode(nodeToUpdate, parentNodeRef, parentAssocType, parentAssocName);
logMoved(node.getNodeRef(), nodeToUpdate, node.getParentPath().toString(), newNode.getParentRef(), nodeService.getPath(newNode.getChildRef()).toString());
logSummaryMoved(node.getNodeRef(), nodeToUpdate, node.getParentPath().toString(), newNode.getParentRef(), nodeService.getPath(newNode.getChildRef()).toString());
/**
* are we adding an alien node here? The transfer service has policies disabled
* so have to call the consequence of the policy directly.
*/
if (nodeService.hasAspect(newNode.getChildRef(), TransferModel.ASPECT_ALIEN)) {
alienProcessor.afterMoveAlien(newNode);
} else {
/**
* are we adding an alien node here? The transfer service has policies disabled
* so have to call the consequence of the policy directly.
*/
if (nodeService.hasAspect(parentNodeRef, TransferModel.ASPECT_TRANSFERRED) || nodeService.hasAspect(parentNodeRef, TransferModel.ASPECT_ALIEN)) {
alienProcessor.onCreateChild(newNode, header.getRepositoryId(), true);
}
}
}
log.info("Resolved parent node to " + parentNodeRef);
if (updateNeeded(node, nodeToUpdate)) {
logUpdated(node.getNodeRef(), nodeToUpdate, nodeService.getPath(nodeToUpdate).toString());
// We need to process content properties separately.
// First, create a shallow copy of the supplied property map...
Map<QName, Serializable> props = new HashMap<QName, Serializable>(node.getProperties());
Map<QName, Serializable> existingProps = nodeService.getProperties(nodeToUpdate);
processCategories(props, node.getManifestCategories());
// inject transferred properties/aspect here
injectTransferred(props);
// Remove the invadedBy property since that is used by the transfer service
// and is local to this repository.
props.remove(TransferModel.PROP_INVADED_BY);
// Do we need to worry about locking this updated ?
if (header.isReadOnly()) {
props.put(ContentModel.PROP_LOCK_OWNER, AuthenticationUtil.getAdminUserName());
props.put(ContentModel.PROP_LOCK_TYPE, LockType.NODE_LOCK.toString());
props.put(ContentModel.PROP_EXPIRY_DATE, null);
log.debug("updated node needs to be locked");
}
// Split out the content properties and sanitise the others
Map<QName, Serializable> contentProps = processProperties(nodeToUpdate, props, existingProps);
// If there was already a value for invadedBy then leave it alone rather than replacing it.
if (existingProps.containsKey(TransferModel.PROP_INVADED_BY)) {
props.put(TransferModel.PROP_INVADED_BY, existingProps.get(TransferModel.PROP_INVADED_BY));
}
// Update the non-content properties
nodeService.setProperties(nodeToUpdate, props);
// Deal with the content properties
boolean contentUpdated = writeContent(nodeToUpdate, contentProps);
if (contentUpdated) {
logSummaryUpdated(node.getNodeRef(), nodeToUpdate, nodeService.getPath(nodeToUpdate).toString());
}
// Change the type of the content
if (!nodeService.getType(nodeToUpdate).equals(node.getType())) {
// The type has changed, check the dictionary to contain the model for that type
TypeDefinition newTypeDef = dictionaryService.getType(node.getType());
if (newTypeDef == null) {
log.warn("Failed to update the type: " + node.getType() + " for node: " + nodeToUpdate + ", as there is no type definition for it");
} else {
// Check the default properties
Map<QName, PropertyDefinition> typeProperties = newTypeDef.getProperties();
// Search if all the properties are in place
boolean fail = false;
for (QName key : typeProperties.keySet()) {
PropertyDefinition propDef = typeProperties.get(key);
if (!props.containsKey(key) && propDef.isMandatory()) {
log.warn("Failed to update the type: " + node.getType() + " for node: " + nodeToUpdate + ", as the mandatory property '" + propDef.getName() + "' was not transferred.");
fail = true;
break;
}
}
if (!fail) {
// Set the new type
nodeService.setType(nodeToUpdate, node.getType());
}
}
}
// Blend the aspects together
Set<QName> suppliedAspects = new HashSet<QName>(node.getAspects());
Set<QName> existingAspects = nodeService.getAspects(nodeToUpdate);
Set<QName> aspectsToRemove = new HashSet<QName>(existingAspects);
// Add mandatory aspects to the supplied aspects (eg. should not explicitly remove auditable aspect from a folder - see also DMDeploymentTarget for similar)
List<AspectDefinition> aspectDefs = dictionaryService.getType(nodeService.getType(nodeToUpdate)).getDefaultAspects(true);
for (AspectDefinition aspectDef : aspectDefs) {
suppliedAspects.add(aspectDef.getName());
}
if (header.isReadOnly()) {
suppliedAspects.add(ContentModel.ASPECT_LOCKABLE);
}
aspectsToRemove.removeAll(suppliedAspects);
/**
* Don't remove the aspects that the transfer service uses itself.
*/
aspectsToRemove.remove(TransferModel.ASPECT_TRANSFERRED);
aspectsToRemove.remove(TransferModel.ASPECT_ALIEN);
suppliedAspects.removeAll(existingAspects);
// and suppliedAspects contains the set of aspects to add
for (QName aspect : suppliedAspects) {
nodeService.addAspect(nodeToUpdate, aspect, null);
}
for (QName aspect : aspectsToRemove) {
nodeService.removeAspect(nodeToUpdate, aspect);
}
// Check the ACL of this updated node
ManifestAccessControl acl = node.getAccessControl();
if (acl != null) {
boolean existInherit = permissionService.getInheritParentPermissions(nodeToUpdate);
if (existInherit != acl.isInherited()) {
log.debug("changed inherit permissions flag");
permissionService.setInheritParentPermissions(nodeToUpdate, acl.isInherited());
}
Set<AccessPermission> existingPermissions = permissionService.getAllSetPermissions(nodeToUpdate);
List<ManifestPermission> newPermissions = acl.getPermissions();
if (existingPermissions.size() > 0 || newPermissions != null) {
// Yes we have explicit permissions on this node.
log.debug("have to check permissions");
Set<ManifestPermission> work = new HashSet<ManifestPermission>();
for (AccessPermission permission : existingPermissions) {
if (permission.isSetDirectly()) {
ManifestPermission p = new ManifestPermission();
p.setAuthority(permission.getAuthority());
p.setPermission(permission.getPermission());
p.setStatus(permission.getAccessStatus().toString());
work.add(p);
}
}
// Do we need to check whether to add any permissions ?
if (newPermissions != null) {
// Do we need to add any permissions ?
for (ManifestPermission permission : acl.getPermissions()) {
if (!work.contains(permission)) {
log.debug("setting permission on node:" + permission);
AccessStatus status = AccessStatus.valueOf(permission.getStatus());
permissionService.setPermission(nodeToUpdate, permission.getAuthority(), permission.getPermission(), status == AccessStatus.ALLOWED);
}
}
// Remove permissions from "work" that should be there
work.removeAll(newPermissions);
}
// Do we need to remove any permissions
for (ManifestPermission permission : work) {
log.debug("removing permission on node:" + permission);
permissionService.deletePermission(nodeToUpdate, permission.getAuthority(), permission.getPermission());
}
}
}
}
}
Also used :
ManifestPermission(org.alfresco.repo.transfer.manifest.ManifestPermission)
Serializable(java.io.Serializable)
HashMap(java.util.HashMap)
QName(org.alfresco.service.namespace.QName)
ManifestAccessControl(org.alfresco.repo.transfer.manifest.ManifestAccessControl)
AccessPermission(org.alfresco.service.cmr.security.AccessPermission)
AspectDefinition(org.alfresco.service.cmr.dictionary.AspectDefinition)
ChildAssociationRef(org.alfresco.service.cmr.repository.ChildAssociationRef)
PropertyDefinition(org.alfresco.service.cmr.dictionary.PropertyDefinition)
TypeDefinition(org.alfresco.service.cmr.dictionary.TypeDefinition)
DataTypeDefinition(org.alfresco.service.cmr.dictionary.DataTypeDefinition)
AccessStatus(org.alfresco.service.cmr.security.AccessStatus)
NodeRef(org.alfresco.service.cmr.repository.NodeRef)
HashSet(java.util.HashSet)
Example 22 with AccessPermission
use of org.alfresco.service.cmr.security.AccessPermission in project alfresco-repository by Alfresco.
the class TransferManifestNodeFactoryImpl method createTransferManifestNode.
public TransferManifestNode createTransferManifestNode(NodeRef nodeRef, TransferDefinition definition, TransferContext transferContext, boolean forceDelete) {
NodeRef.Status status = nodeService.getNodeStatus(nodeRef);
if (status == null) {
throw new TransferException("Unable to get node status for node : " + nodeRef);
}
/**
* Work out whether this is a deleted node or not
*/
if (status.isDeleted()) {
// This node used to exist but doesn't any more. We can't discover anything about its original parentage
// so we will create a dummy record that contains the correct noderef but dummy parent association and
// parent path. This will keep the target side happy, and will result in the node being deleted
// if a node with the same noderef exists on the target.
TransferManifestDeletedNode deletedNode = new TransferManifestDeletedNode();
deletedNode.setNodeRef(nodeRef);
ChildAssociationRef dummyPrimaryParent = new ChildAssociationRef(ContentModel.ASSOC_CONTAINS, nodeRef, QName.createQName(NamespaceService.CONTENT_MODEL_1_0_URI, "dummy"), nodeRef, true, -1);
deletedNode.setPrimaryParentAssoc(dummyPrimaryParent);
deletedNode.setParentPath(new Path());
return deletedNode;
} else if (nodeRef.getStoreRef().equals(StoreRef.STORE_REF_ARCHIVE_SPACESSTORE)) {
if (nodeService.hasAspect(nodeRef, ContentModel.ASPECT_ARCHIVED)) {
// Yes we have an archived aspect
ChildAssociationRef car = (ChildAssociationRef) nodeService.getProperty(nodeRef, ContentModel.PROP_ARCHIVED_ORIGINAL_PARENT_ASSOC);
TransferManifestDeletedNode node = new TransferManifestDeletedNode();
NodeRef parentNodeRef = car.getParentRef();
node.setNodeRef(car.getChildRef());
node.setPrimaryParentAssoc(car);
if (nodeService.exists(parentNodeRef)) {
// The parent node still exists so it still has a path.
Path parentPath = nodeService.getPath(parentNodeRef);
node.setParentPath(parentPath);
}
return node;
}
// No we don't have an archived aspect - maybe we are not yet committed
TransferManifestDeletedNode node = new TransferManifestDeletedNode();
node.setNodeRef(nodeRef);
ChildAssociationRef parentAssocRef = nodeService.getPrimaryParent(nodeRef);
if (parentAssocRef != null && parentAssocRef.getParentRef() != null) {
NodeRef parentNodeRef = parentAssocRef.getParentRef();
node.setPrimaryParentAssoc(parentAssocRef);
Path parentPath = nodeService.getPath(parentNodeRef);
node.setParentPath(parentPath);
}
return node;
} else if (forceDelete) {
ChildAssociationRef primaryParentAssoc = nodeService.getPrimaryParent(nodeRef);
TransferManifestDeletedNode node = new TransferManifestDeletedNode();
NodeRef parentNodeRef = primaryParentAssoc.getParentRef();
node.setNodeRef(primaryParentAssoc.getChildRef());
node.setPrimaryParentAssoc(primaryParentAssoc);
if (nodeService.exists(parentNodeRef)) {
// The parent node still exists so it still has a path.
Path parentPath = nodeService.getPath(parentNodeRef);
node.setParentPath(parentPath);
}
return node;
} else {
// This is a "normal" node
TransferManifestNormalNode node = new TransferManifestNormalNode();
node.setNodeRef(nodeRef);
node.setProperties(getNodeProperties(nodeRef, definition == null ? null : definition.getExcludedAspects()));
node.setAspects(getNodeAspects(nodeRef, definition == null ? null : definition.getExcludedAspects()));
node.setType(nodeService.getType(nodeRef));
// For File Transfer Receiver, because FTS does not has access to the DictionaryService
if (dictionaryService.isSubClass(node.getType(), ContentModel.TYPE_CONTENT)) {
node.setAncestorType(ContentModel.TYPE_CONTENT);
} else {
if (dictionaryService.isSubClass(node.getType(), ContentModel.TYPE_FOLDER)) {
node.setAncestorType(ContentModel.TYPE_FOLDER);
} else {
node.setAncestorType(ContentModel.TYPE_BASE);
}
}
ChildAssociationRef parentAssocRef = nodeService.getPrimaryParent(nodeRef);
if (parentAssocRef != null && parentAssocRef.getParentRef() != null) {
NodeRef parentNodeRef = parentAssocRef.getParentRef();
node.setPrimaryParentAssoc(parentAssocRef);
Path parentPath = nodeService.getPath(parentNodeRef);
node.setParentPath(parentPath);
}
node.setChildAssocs(nodeService.getChildAssocs(nodeRef));
node.setParentAssocs(nodeService.getParentAssocs(nodeRef));
node.setTargetAssocs(nodeService.getTargetAssocs(nodeRef, RegexQNamePattern.MATCH_ALL));
node.setSourceAssocs(nodeService.getSourceAssocs(nodeRef, RegexQNamePattern.MATCH_ALL));
boolean inherit = permissionService.getInheritParentPermissions(nodeRef);
ManifestAccessControl acl = new ManifestAccessControl();
acl.setInherited(inherit);
node.setAccessControl(acl);
Set<AccessPermission> permissions = permissionService.getAllSetPermissions(nodeRef);
List<ManifestPermission> mps = new ArrayList<ManifestPermission>(permissions.size());
for (AccessPermission permission : permissions) {
if (permission.isSetDirectly()) {
ManifestPermission mp = new ManifestPermission();
mp.setStatus(permission.getAccessStatus().toString());
mp.setAuthority(permission.getAuthority());
mp.setPermission(permission.getPermission());
mps.add(mp);
}
}
acl.setPermissions(mps);
/**
* Expand d:category information so we can re-create on target
*/
Map<NodeRef, ManifestCategory> categories = new HashMap<NodeRef, ManifestCategory>();
Map<QName, Serializable> properties = node.getProperties();
for (Map.Entry<QName, Serializable> val : properties.entrySet()) {
PropertyDefinition def = dictionaryService.getProperty(val.getKey());
if (def != null) {
if (def.getDataType().getName().isMatch(DataTypeDefinition.CATEGORY)) {
if (def.isMultiValued()) {
Serializable thing = val.getValue();
if (thing instanceof java.util.Collection) {
java.util.Collection<NodeRef> c = (java.util.Collection<NodeRef>) thing;
for (NodeRef categoryNodeRef : c) {
if (categoryNodeRef != null) {
categories.put(categoryNodeRef, getManifestCategory(transferContext, categoryNodeRef));
}
}
} else {
NodeRef categoryNodeRef = (NodeRef) val.getValue();
if (categoryNodeRef != null) {
categories.put(categoryNodeRef, getManifestCategory(transferContext, categoryNodeRef));
}
}
} else {
NodeRef categoryNodeRef = (NodeRef) val.getValue();
if (categoryNodeRef != null) {
categories.put(categoryNodeRef, getManifestCategory(transferContext, categoryNodeRef));
}
}
}
}
}
node.setManifestCategories(categories);
return node;
}
}
Also used :
Serializable(java.io.Serializable)
HashMap(java.util.HashMap)
ArrayList(java.util.ArrayList)
NodeRef(org.alfresco.service.cmr.repository.NodeRef)
Path(org.alfresco.service.cmr.repository.Path)
QName(org.alfresco.service.namespace.QName)
AccessPermission(org.alfresco.service.cmr.security.AccessPermission)
ChildAssociationRef(org.alfresco.service.cmr.repository.ChildAssociationRef)
PropertyDefinition(org.alfresco.service.cmr.dictionary.PropertyDefinition)
TransferException(org.alfresco.service.cmr.transfer.TransferException)
HashMap(java.util.HashMap)
Map(java.util.Map)
Example 23 with AccessPermission
use of org.alfresco.service.cmr.security.AccessPermission in project alfresco-repository by Alfresco.
the class CMISTest method testRemoveACL.
/**
* MNT-10165: Check that all concomitant basic CMIS permissions are deleted
* when permission is deleted vai CMIS 1.1 API. For Atom binding it applies
* new set of permissions instead of deleting the old ones.
*/
@Test
public void testRemoveACL() throws Exception {
AuthenticationUtil.pushAuthentication();
AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
final String groupName = "group" + GUID.generate();
final String testGroup = PermissionService.GROUP_PREFIX + groupName;
try {
// preconditions: create test document
if (!authorityService.authorityExists(testGroup)) {
authorityService.createAuthority(AuthorityType.GROUP, groupName);
}
final FileInfo document = transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionCallback<FileInfo>() {
@Override
public FileInfo execute() throws Throwable {
NodeRef companyHomeNodeRef = repositoryHelper.getCompanyHome();
String folderName = GUID.generate();
FileInfo folderInfo = fileFolderService.create(companyHomeNodeRef, folderName, ContentModel.TYPE_FOLDER);
nodeService.setProperty(folderInfo.getNodeRef(), ContentModel.PROP_NAME, folderName);
assertNotNull(folderInfo);
String docName = GUID.generate();
FileInfo document = fileFolderService.create(folderInfo.getNodeRef(), docName, ContentModel.TYPE_CONTENT);
assertNotNull(document);
nodeService.setProperty(document.getNodeRef(), ContentModel.PROP_NAME, docName);
return document;
}
});
Set<AccessPermission> permissions = permissionService.getAllSetPermissions(document.getNodeRef());
assertEquals(permissions.size(), 1);
AccessPermission current = permissions.iterator().next();
assertEquals(current.getAuthority(), "GROUP_EVERYONE");
assertEquals(current.getPermission(), "Consumer");
// add group1 with Coordinator permissions
permissionService.setPermission(document.getNodeRef(), testGroup, PermissionService.COORDINATOR, true);
permissions = permissionService.getAllSetPermissions(document.getNodeRef());
Map<String, String> docPermissions = new HashMap<String, String>();
for (AccessPermission permission : permissions) {
docPermissions.put(permission.getAuthority(), permission.getPermission());
}
assertTrue(docPermissions.keySet().contains(testGroup));
assertEquals(docPermissions.get(testGroup), PermissionService.COORDINATOR);
// update permissions for group1 via CMIS 1.1 API
withCmisService(new CmisServiceCallback<Void>() {
@Override
public Void execute(CmisService cmisService) {
List<RepositoryInfo> repositories = cmisService.getRepositoryInfos(null);
assertNotNull(repositories);
assertTrue(repositories.size() > 0);
RepositoryInfo repo = repositories.iterator().next();
String repositoryId = repo.getId();
String docIdStr = document.getNodeRef().toString();
// when removing Coordinator ACE there are only inherited permissions
// so empty list of direct permissions is sent to be set
AccessControlListImpl acesToPut = new AccessControlListImpl();
List<Ace> acesList = Collections.emptyList();
acesToPut.setAces(acesList);
cmisService.applyAcl(repositoryId, docIdStr, acesToPut, AclPropagation.REPOSITORYDETERMINED);
return null;
}
}, CmisVersion.CMIS_1_1);
// check that permissions are the same as they were before Coordinator was added
permissions = permissionService.getAllSetPermissions(document.getNodeRef());
docPermissions = new HashMap<String, String>();
for (AccessPermission permission : permissions) {
docPermissions.put(permission.getAuthority(), permission.getPermission());
}
assertFalse(docPermissions.keySet().contains(testGroup));
assertEquals(permissions.size(), 1);
current = permissions.iterator().next();
assertEquals(current.getAuthority(), "GROUP_EVERYONE");
assertEquals(current.getPermission(), "Consumer");
} catch (CmisConstraintException e) {
fail(e.toString());
} finally {
if (authorityService.authorityExists(testGroup)) {
authorityService.deleteAuthority(testGroup);
}
AuthenticationUtil.popAuthentication();
}
}
Also used :
HashMap(java.util.HashMap)
RepositoryInfo(org.apache.chemistry.opencmis.commons.data.RepositoryInfo)
CmisConstraintException(org.apache.chemistry.opencmis.commons.exceptions.CmisConstraintException)
AccessPermission(org.alfresco.service.cmr.security.AccessPermission)
NodeRef(org.alfresco.service.cmr.repository.NodeRef)
FileInfo(org.alfresco.service.cmr.model.FileInfo)
CmisService(org.apache.chemistry.opencmis.commons.server.CmisService)
AccessControlListImpl(org.apache.chemistry.opencmis.commons.impl.dataobjects.AccessControlListImpl)
ObjectInFolderList(org.apache.chemistry.opencmis.commons.data.ObjectInFolderList)
ArrayList(java.util.ArrayList)
ObjectList(org.apache.chemistry.opencmis.commons.data.ObjectList)
List(java.util.List)
VersionableAspectTest(org.alfresco.repo.version.VersionableAspectTest)
Test(org.junit.Test)
Example 24 with AccessPermission
use of org.alfresco.service.cmr.security.AccessPermission in project alfresco-repository by Alfresco.
the class VirtualPermissionServiceExtensionTest method testGetAllSetPermissions.
@Test
public void testGetAllSetPermissions() throws Exception {
setUpTestPermissions();
Set<AccessPermission> allVf1SetPermissions = permissionService.getAllSetPermissions(this.virtualFolder1NodeRef);
AccessPermission vf1ReadProperties = mapAccessPermissionsByName(allVf1SetPermissions).get(PermissionService.READ_PROPERTIES).get(0);
assertUniqueAccessPermission(PermissionService.DELETE, AccessStatus.ALLOWED, user1, allVf1SetPermissions);
assertUniqueAccessPermission(PermissionService.CREATE_CHILDREN, AccessStatus.DENIED, user1, allVf1SetPermissions);
Set<AccessPermission> allNode2SetPermissions = permissionService.getAllSetPermissions(vf1Node2);
assertUniqueAccessPermission(PermissionService.DELETE, AccessStatus.DENIED, PermissionService.ALL_AUTHORITIES, allNode2SetPermissions);
assertUniqueAccessPermission(PermissionService.CREATE_CHILDREN, AccessStatus.ALLOWED, PermissionService.ALL_AUTHORITIES, allNode2SetPermissions);
// adhere to actual node
assertUniqueAccessPermission(PermissionService.READ_PROPERTIES, vf1ReadProperties.getAccessStatus(), vf1ReadProperties.getAuthority(), allNode2SetPermissions);
}
Also used :
AccessPermission(org.alfresco.service.cmr.security.AccessPermission)
Test(org.junit.Test)
VirtualizationIntegrationTest(org.alfresco.repo.virtual.VirtualizationIntegrationTest)
Example 25 with AccessPermission
use of org.alfresco.service.cmr.security.AccessPermission in project alfresco-repository by Alfresco.
the class BasePermissionsNode method retrieveAllSetPermissions.
/**
* Helper to construct the response object for the various getPermissions() calls.
*
* @param direct True to only retrieve direct permissions, false to get inherited also
* @param full True to retrieve full data string with [INHERITED|DIRECT] element
* This exists to maintain backward compatibility with existing permission APIs.
*
* @return List<String> of permissions.
*/
private List<String> retrieveAllSetPermissions(boolean direct, boolean full) {
String userName = this.services.getAuthenticationService().getCurrentUserName();
List<String> permissions = new ArrayList<String>(4);
if (hasPermission(PermissionService.READ_PERMISSIONS)) {
Set<AccessPermission> acls = this.services.getPermissionService().getAllSetPermissions(getNodeRef());
for (AccessPermission permission : acls) {
if (!direct || permission.isSetDirectly()) {
StringBuilder buf = new StringBuilder(64);
buf.append(permission.getAccessStatus()).append(';').append(permission.getAuthority()).append(';').append(permission.getPermission());
if (full) {
buf.append(';').append(permission.isSetDirectly() ? "DIRECT" : "INHERITED");
}
permissions.add(buf.toString());
}
}
}
return permissions;
}
Also used :
ArrayList(java.util.ArrayList)
AccessPermission(org.alfresco.service.cmr.security.AccessPermission)
Aggregations
AccessPermission (org.alfresco.service.cmr.security.AccessPermission)52
NodeRef (org.alfresco.service.cmr.repository.NodeRef)21
ArrayList (java.util.ArrayList)15
HashSet (java.util.HashSet)14
HashMap (java.util.HashMap)13
ChildAssociationRef (org.alfresco.service.cmr.repository.ChildAssociationRef)7
Test (org.junit.Test)7
Serializable (java.io.Serializable)5
List (java.util.List)5
Map (java.util.Map)5
Set (java.util.Set)5
AccessPermissionImpl (org.alfresco.repo.security.permissions.impl.AccessPermissionImpl)5
AccessStatus (org.alfresco.service.cmr.security.AccessStatus)5
QName (org.alfresco.service.namespace.QName)5
LinkedHashSet (java.util.LinkedHashSet)4
AccessDeniedException (org.alfresco.repo.security.permissions.AccessDeniedException)4
FacesContext (javax.faces.context.FacesContext)3
AlfrescoRuntimeException (org.alfresco.error.AlfrescoRuntimeException)3
FilterPropString (org.alfresco.repo.node.getchildren.FilterPropString)3
PermissionReference (org.alfresco.repo.security.permissions.PermissionReference)3
