
Example 26 with AccessPermission

use of org.alfresco.service.cmr.security.AccessPermission in project alfresco-repository by Alfresco.

the class PermissionServiceTest method testChangeGroupUid.

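/**
 * Checks that permissions granted to a group survive a case-only change of the
 * group's authority name, and that renaming the group to a different name is refused.
 * <p>
 * Flow: as admin, create folder {@code one}, create GROUP_ONE containing andy and
 * grant it ALL_PERMISSIONS; as andy, confirm EXECUTE_CONTENT is allowed. Then change
 * the stored authority name to GROUP_One and confirm that andy still has access and
 * that the ACL entry is now reported under the new spelling. Finally, attempt to
 * rename to GROUP_TWO, which must throw {@link UnsupportedOperationException}.
 */
public void testChangeGroupUid() {
    runAs("admin");
    // Result is discarded; presumably this ensures the person "andy" exists — confirm.
    personService.getPerson("andy");
    NodeRef one = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, QName.createQName("{namespace}one"), ContentModel.TYPE_FOLDER).getChildRef();
    authorityService.createAuthority(AuthorityType.GROUP, "ONE");
    authorityService.addAuthority("GROUP_ONE", "andy");
    permissionService.setPermission(one, "GROUP_ONE", PermissionService.ALL_PERMISSIONS, true);

    // Baseline: the group grant is effective for its member.
    runAs("andy");
    assertEquals("andy", authenticationComponent.getCurrentUserName());
    assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(one, PermissionService.EXECUTE_CONTENT));

    // Before the rename no ACL entry is reported under the new spelling.
    runAs("admin");
    boolean found = false;
    Set<AccessPermission> set = permissionService.getAllSetPermissions(one);
    for (AccessPermission entry : set) {
        if (entry.getAuthority().equals("GROUP_One")) {
            found = true;
            break;
        }
    }
    assertFalse(found);

    // Case-only rename of the authority name.
    NodeRef gONE = authorityDAO.getAuthorityNodeRefOrNull("GROUP_ONE");
    nodeService.setProperty(gONE, ContentModel.PROP_AUTHORITY_NAME, "GROUP_One");

    // The member must keep the access that was granted under the old spelling.
    runAs("andy");
    assertEquals(AccessStatus.ALLOWED, permissionService.hasPermission(one, PermissionService.EXECUTE_CONTENT));

    // The ACL entry must now be reported under the new spelling.
    runAs("admin");
    found = false;
    set = permissionService.getAllSetPermissions(one);
    for (AccessPermission entry : set) {
        if (entry.getAuthority().equals("GROUP_One")) {
            found = true;
            break;
        }
    }
    assertTrue(found);

    try {
        nodeService.setProperty(gONE, ContentModel.PROP_AUTHORITY_NAME, "GROUP_TWO");
        fail("Changing gid GROUP_One -> GROUP_TWO should fail");
    } catch (UnsupportedOperationException expected) {
        // Expected: a rename to a genuinely different name is rejected.
        // NOTE(review): presumably this is blocked because ACL entries refer to the
        // group by name — confirm against the authority rename policy.
    }
}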
Also used : NodeRef(org.alfresco.service.cmr.repository.NodeRef) AccessPermission(org.alfresco.service.cmr.security.AccessPermission)

Example 27 with AccessPermission

use of org.alfresco.service.cmr.security.AccessPermission in project acs-community-packaging by Alfresco.

the class AdminNodeBrowseBean method getPermissions.

/**
 * Returns the data model holding the permissions set on the current node.
 * <p>
 * The model is built on the first call and cached in the {@code permissions} field;
 * later calls return the cached model without repeating the READ_PERMISSIONS check.
 * If the caller is not allowed READ_PERMISSIONS on the node, the model holds a single
 * {@code NoReadPermissionGranted} placeholder instead of the ACL entries.
 *
 * @return the permissions data model, never rebuilt once cached
 */
public DataModel getPermissions() {
    if (permissions != null) {
        // NOTE(review): confirm the cached field is cleared when nodeRef or the
        // node's ACL changes, otherwise a stale view could be shown.
        return permissions;
    }
    AccessStatus canReadAcl = this.getPermissionService().hasPermission(nodeRef, PermissionService.READ_PERMISSIONS);
    if (!canReadAcl.equals(AccessStatus.ALLOWED)) {
        // Caller may not read the ACL: expose only the placeholder row.
        List<NoReadPermissionGranted> placeholder = new ArrayList<NoReadPermissionGranted>(1);
        placeholder.add(new NoReadPermissionGranted());
        permissions = new ListDataModel(placeholder);
        return permissions;
    }
    // Copy the set into a list so it can back the list data model.
    List<AccessPermission> aclEntries = new ArrayList<AccessPermission>(getPermissionService().getAllSetPermissions(nodeRef));
    permissions = new ListDataModel(aclEntries);
    return permissions;
}
Also used : AccessPermission(org.alfresco.service.cmr.security.AccessPermission) ArrayList(java.util.ArrayList) ListDataModel(javax.faces.model.ListDataModel) AccessStatus(org.alfresco.service.cmr.security.AccessStatus)

Example 28 with AccessPermission

use of org.alfresco.service.cmr.security.AccessPermission in project acs-community-packaging by Alfresco.

the class UserMembersBean method getUsers.

/**
 * Builds the rows for the members list of the current node: one row per authority
 * that holds at least one ALLOWED permission on it.
 * <p>
 * Person authorities (and the guest authority) are represented by a {@code MapNode}
 * of the person node; every other authority is represented by a plain map describing
 * the group. Each row carries the authority's role names as a display string.
 * The whole lookup runs inside a user transaction obtained from {@code Repository};
 * on any failure an error message is registered, the transaction is rolled back on a
 * best-effort basis and an empty list is returned.
 * <p>
 * NOTE(review): no READ_PERMISSIONS check is made here before the ACL is listed;
 * whether {@code getAllSetPermissions} enforces one itself is not visible from this
 * method — confirm.
 *
 * @return the list of user and group rows for list data binding
 */
public List<Map> getUsers() {
    FacesContext context = FacesContext.getCurrentInstance();
    boolean includeInherited = (this.filterMode.equals(INHERITED));
    List<Map> personNodes = null;
    UserTransaction tx = null;
    try {
        tx = Repository.getUserTransaction(context, true);
        tx.begin();

        // Step 1: collect the permission names per authority from the node's ACL.
        Map<String, List<String>> rolesByAuthority = new HashMap<String, List<String>>(8, 1.0f);
        Set<AccessPermission> aclEntries = getPermissionService().getAllSetPermissions(getNode().getNodeRef());
        for (AccessPermission entry : aclEntries) {
            if (entry.getAccessStatus() != AccessStatus.ALLOWED) {
                // denied entries are not listed
                continue;
            }
            // Only USER, GROUP, GUEST and EVERYONE authorities are listed;
            // any other authority type is skipped.
            AuthorityType type = entry.getAuthorityType();
            boolean listedType = type == AuthorityType.USER || type == AuthorityType.GROUP || type == AuthorityType.GUEST || type == AuthorityType.EVERYONE;
            if (!listedType) {
                continue;
            }
            if (!includeInherited && !entry.isSetDirectly()) {
                // inherited entry, and the current filter shows only direct ones
                continue;
            }
            String authority = entry.getAuthority();
            List<String> roles = rolesByAuthority.get(authority);
            if (roles == null) {
                // first permission seen for this authority
                roles = new ArrayList<String>(4);
                rolesByAuthority.put(authority, roles);
            }
            roles.add(entry.getPermission());
        }

        // Step 2: turn every authority into a row for the data-bound list.
        personNodes = new ArrayList<Map>(rolesByAuthority.size());
        for (Map.Entry<String, List<String>> row : rolesByAuthority.entrySet()) {
            String authority = row.getKey();
            boolean isPerson = AuthorityType.getAuthorityType(authority) == AuthorityType.GUEST || getPersonService().personExists(authority);
            if (isPerson) {
                NodeRef personRef = getPersonService().getPerson(authority);
                if (personRef == null) {
                    continue;
                }
                MapNode personRow = new MapNode(personRef);
                // Reading the properties here forces them to load inside the
                // transaction, which is cheaper than loading them during page bind.
                Map<String, Object> props = personRow.getProperties();
                String first = (String) props.get("firstName");
                String last = (String) props.get("lastName");
                String fullName = (first != null ? first : "") + ' ' + (last != null ? last : "");
                props.put("fullName", fullName);
                props.put("userNameLabel", props.get("userName"));
                props.put("roles", roleListToString(context, row.getValue()));
                props.put("icon", WebResources.IMAGE_PERSON);
                props.put("isGroup", Boolean.FALSE);
                // Reflects the active filter mode, not whether this entry is inherited.
                props.put("inherited", includeInherited);
                personNodes.add(personRow);
            } else {
                // Not a person: describe the authority with a stand-in map.
                Map<String, Object> groupRow = new HashMap<String, Object>(8, 1.0f);
                String displayName = getAuthorityService().getAuthorityDisplayName(authority);
                if (displayName == null || displayName.isEmpty()) {
                    // No display name: fall back to the authority name without its group prefix.
                    displayName = authority.startsWith(PermissionService.GROUP_PREFIX)
                            ? authority.substring(PermissionService.GROUP_PREFIX.length())
                            : authority;
                }
                groupRow.put("fullName", displayName);
                groupRow.put("userNameLabel", displayName);
                groupRow.put("userName", authority);
                groupRow.put("id", authority);
                groupRow.put("roles", roleListToString(context, row.getValue()));
                groupRow.put("icon", WebResources.IMAGE_GROUP);
                groupRow.put("isGroup", Boolean.TRUE);
                // Reflects the active filter mode, not whether this entry is inherited.
                groupRow.put("inherited", includeInherited);
                personNodes.add(groupRow);
            }
        }

        tx.commit();
    } catch (InvalidNodeRefException refErr) {
        Utils.addErrorMessage(MessageFormat.format(Application.getMessage(context, Repository.ERROR_NODEREF), new Object[] { refErr.getNodeRef() }));
        personNodes = Collections.<Map>emptyList();
        try {
            if (tx != null) {
                tx.rollback();
            }
        } catch (Exception tex) {
            // best-effort rollback: a failure here is deliberately ignored
        }
    } catch (Throwable err) {
        // NOTE(review): err.getMessage() is placed in the error text, which is
        // presumably shown to the user — confirm it cannot expose internal detail.
        Utils.addErrorMessage(MessageFormat.format(Application.getMessage(context, Repository.ERROR_GENERIC), err.getMessage()), err);
        personNodes = Collections.<Map>emptyList();
        try {
            if (tx != null) {
                tx.rollback();
            }
        } catch (Exception tex) {
            // best-effort rollback: a failure here is deliberately ignored
        }
    }
    return personNodes;
}
Also used : UserTransaction(javax.transaction.UserTransaction) FacesContext(javax.faces.context.FacesContext) HashMap(java.util.HashMap) AccessPermission(org.alfresco.service.cmr.security.AccessPermission) MapNode(org.alfresco.web.bean.repository.MapNode) InvalidNodeRefException(org.alfresco.service.cmr.repository.InvalidNodeRefException) NodeRef(org.alfresco.service.cmr.repository.NodeRef) ArrayList(java.util.ArrayList) UIRichList(org.alfresco.web.ui.common.component.data.UIRichList) UIModeList(org.alfresco.web.ui.common.component.UIModeList) List(java.util.List) InvalidNodeRefException(org.alfresco.service.cmr.repository.InvalidNodeRefException) HashMap(java.util.HashMap) Map(java.util.Map)

Example 29 with AccessPermission

use of org.alfresco.service.cmr.security.AccessPermission in project acs-community-packaging by Alfresco.

the class UserMembersBean method setupUserAction.

/**
 * Action event handler that prepares the "person" context on this bean before an
 * action page is shown.
 * <p>
 * The authority is read from the {@code userName} parameter of the action link that
 * fired the event. For a non-empty authority the handler sets the display name (the
 * person's first and last name when a person with that name exists, otherwise the
 * {@code userNameLabel} parameter or the authority itself), collects the ALLOWED
 * permissions that the current node's ACL holds for exactly that authority, and
 * stores the authority via {@code setPersonAuthority()}. For a missing or empty
 * authority it stores {@code null}. The action page presumably reads the stored
 * authority back through the bean's matching getter.
 * <p>
 * NOTE(review): the authority is stored even when no ACL entry on the node matches
 * it; confirm the link parameters cannot be altered by the client, or that the
 * follow-up action re-validates the authority.
 *
 * @param event the action event; its component must be a {@code UIActionLink}
 */
public void setupUserAction(ActionEvent event) {
    FacesContext context = FacesContext.getCurrentInstance();
    UIActionLink link = (UIActionLink) event.getComponent();
    Map<String, String> params = link.getParameterMap();
    String authority = params.get("userName");
    if (authority == null || authority.isEmpty()) {
        setPersonAuthority(null);
    } else {
        try {
            if (this.getPersonService().personExists(authority)) {
                // Person authority: build the display name from the person node.
                NodeRef ref = getPersonService().getPerson(authority);
                Node personNode = new Node(ref);
                String first = (String) personNode.getProperties().get(ContentModel.PROP_FIRSTNAME);
                String last = (String) personNode.getProperties().get(ContentModel.PROP_LASTNAME);
                setPersonName((first != null ? first : "") + ' ' + (last != null ? last : ""));
            } else {
                // Not a person: use the supplied label, or the raw authority name.
                String label = params.get("userNameLabel");
                setPersonName(label == null || label.isEmpty() ? authority : label);
            }

            // Collect the roles this authority is allowed on the current node.
            List<PermissionWrapper> grantedRoles = new ArrayList<PermissionWrapper>(4);
            Set<AccessPermission> aclEntries = getPermissionService().getAllSetPermissions(getNode().getNodeRef());
            if (aclEntries != null) {
                for (AccessPermission entry : aclEntries) {
                    // only ALLOWED entries whose authority matches exactly are kept
                    if (entry.getAccessStatus() == AccessStatus.ALLOWED && authority.equals(entry.getAuthority())) {
                        String permissionName = entry.getPermission();
                        grantedRoles.add(new PermissionWrapper(permissionName, Application.getMessage(context, permissionName)));
                    }
                }
            }

            // Publish the action context; clearing the data model forces a rebuild.
            this.personRolesDataModel = null;
            this.personRoles = grantedRoles;
            setPersonAuthority(authority);
        } catch (Exception err) {
            // NOTE(review): err.getMessage() is placed in the error text, which is
            // presumably shown to the user — confirm it cannot expose internal detail.
            Utils.addErrorMessage(MessageFormat.format(Application.getMessage(FacesContext.getCurrentInstance(), Repository.ERROR_GENERIC), new Object[] { err.getMessage() }));
        }
    }
    // force refresh on return to this page
    contextUpdated();
}
Also used : FacesContext(javax.faces.context.FacesContext) NodeRef(org.alfresco.service.cmr.repository.NodeRef) UIActionLink(org.alfresco.web.ui.common.component.UIActionLink) Node(org.alfresco.web.bean.repository.Node) MapNode(org.alfresco.web.bean.repository.MapNode) ArrayList(java.util.ArrayList) AccessPermission(org.alfresco.service.cmr.security.AccessPermission) InvalidNodeRefException(org.alfresco.service.cmr.repository.InvalidNodeRefException)

Example 30 with AccessPermission

use of org.alfresco.service.cmr.security.AccessPermission in project records-management by Alfresco.

the class ExtendedSecurityServiceImpl method getIPRGroups.

/**
 * Finds the IPR reader and writer groups among the authorities that have
 * permissions set on the given node.
 * <p>
 * An authority counts as the reader group when its name starts with
 * {@code GROUP_PREFIX + READER_GROUP_PREFIX}, and as the writer group when it starts
 * with {@code GROUP_PREFIX + WRITER_GROUP_PREFIX}. The access status of the entry is
 * not examined. If several entries match the same prefix, the one visited last wins;
 * NOTE(review): confirm a node can carry at most one group of each kind, since the
 * iteration order of the returned set is not fixed by this method.
 *
 * @param nodeRef  node reference
 * @return a pair whose first element is the read group and whose second is the write
 *         group, or {@code null} unless both were found
 */
private Pair<String, String> getIPRGroups(NodeRef nodeRef) {
    final String readerPrefix = GROUP_PREFIX + READER_GROUP_PREFIX;
    final String writerPrefix = GROUP_PREFIX + WRITER_GROUP_PREFIX;
    String readerGroup = null;
    String writerGroup = null;
    // scan every permission entry set on the node
    for (AccessPermission entry : permissionService.getAllSetPermissions(nodeRef)) {
        String authority = entry.getAuthority();
        if (authority.startsWith(readerPrefix)) {
            readerGroup = authority;
        } else if (authority.startsWith(writerPrefix)) {
            writerGroup = authority;
        }
    }
    // a result is only reported when both groups are present
    if (readerGroup == null || writerGroup == null) {
        return null;
    }
    return new Pair<String, String>(readerGroup, writerGroup);
}
Also used : AccessPermission(org.alfresco.service.cmr.security.AccessPermission)

Aggregations

AccessPermission (org.alfresco.service.cmr.security.AccessPermission)52 NodeRef (org.alfresco.service.cmr.repository.NodeRef)21 ArrayList (java.util.ArrayList)15 HashSet (java.util.HashSet)14 HashMap (java.util.HashMap)13 ChildAssociationRef (org.alfresco.service.cmr.repository.ChildAssociationRef)7 Test (org.junit.Test)7 Serializable (java.io.Serializable)5 List (java.util.List)5 Map (java.util.Map)5 Set (java.util.Set)5 AccessPermissionImpl (org.alfresco.repo.security.permissions.impl.AccessPermissionImpl)5 AccessStatus (org.alfresco.service.cmr.security.AccessStatus)5 QName (org.alfresco.service.namespace.QName)5 LinkedHashSet (java.util.LinkedHashSet)4 AccessDeniedException (org.alfresco.repo.security.permissions.AccessDeniedException)4 FacesContext (javax.faces.context.FacesContext)3 AlfrescoRuntimeException (org.alfresco.error.AlfrescoRuntimeException)3 FilterPropString (org.alfresco.repo.node.getchildren.FilterPropString)3 PermissionReference (org.alfresco.repo.security.permissions.PermissionReference)3