Examples with AccessStatus org.alfresco.service.cmr.security.AccessStatus used on opensource projects

Example 11 with AccessStatus

use of org.alfresco.service.cmr.security.AccessStatus in project acs-community-packaging by Alfresco.

the class AdminNodeBrowseBean method getPermissions.

/**
 * Gets the current node permissions
 *
 * @return the permissions
 */
public DataModel getPermissions() {
    if (permissions == null) {
        AccessStatus readPermissions = this.getPermissionService().hasPermission(nodeRef, PermissionService.READ_PERMISSIONS);
        if (readPermissions.equals(AccessStatus.ALLOWED)) {
            List<AccessPermission> nodePermissions = new ArrayList<AccessPermission>(getPermissionService().getAllSetPermissions(nodeRef));
            permissions = new ListDataModel(nodePermissions);
        } else {
            List<NoReadPermissionGranted> noReadPermissions = new ArrayList<NoReadPermissionGranted>(1);
            noReadPermissions.add(new NoReadPermissionGranted());
            permissions = new ListDataModel(noReadPermissions);
        }
    }
    return permissions;
}

Example 12 with AccessStatus

use of org.alfresco.service.cmr.security.AccessStatus in project alfresco-remote-api by Alfresco.

the class NodesImpl method updateNodeImpl.

protected NodeRef updateNodeImpl(String nodeId, Node nodeInfo, Parameters parameters) {
    final NodeRef nodeRef = validateOrLookupNode(nodeId, null);
    QName nodeTypeQName = getNodeType(nodeRef);
    validateCmObject(nodeTypeQName);
    Map<QName, Serializable> props = new HashMap<>(0);
    if (nodeInfo.getProperties() != null) {
        props = mapToNodeProperties(nodeInfo.getProperties());
    }
    String name = nodeInfo.getName();
    if ((name != null) && (!name.isEmpty())) {
        // update node name if needed - note: if the name is different than existing then this is equivalent of a rename (within parent folder)
        props.put(ContentModel.PROP_NAME, name);
    }
    NodePermissions nodePerms = nodeInfo.getPermissions();
    if (nodePerms != null) {
        // Cannot set inherited permissions, only direct (locally set) permissions can be set
        if ((nodePerms.getInherited() != null) && (nodePerms.getInherited().size() > 0)) {
            throw new InvalidArgumentException("Cannot set *inherited* permissions on this node");
        }
        // Check inherit from parent value and if it's changed set the new value
        if (nodePerms.getIsInheritanceEnabled() != null) {
            if (nodePerms.getIsInheritanceEnabled() != permissionService.getInheritParentPermissions(nodeRef)) {
                permissionService.setInheritParentPermissions(nodeRef, nodePerms.getIsInheritanceEnabled());
            }
        }
        // set direct permissions
        if ((nodePerms.getLocallySet() != null)) {
            // list of all directly set permissions
            Set<AccessPermission> directPerms = new HashSet<>(5);
            for (AccessPermission accessPerm : permissionService.getAllSetPermissions(nodeRef)) {
                if (accessPerm.isSetDirectly()) {
                    directPerms.add(accessPerm);
                }
            }
            // check if same permission is sent more than once
            if (hasDuplicatePermissions(nodePerms.getLocallySet())) {
                throw new InvalidArgumentException("Duplicate node permissions, there is more than one permission with the same authority and name!");
            }
            for (NodePermissions.NodePermission nodePerm : nodePerms.getLocallySet()) {
                String permName = nodePerm.getName();
                String authorityId = nodePerm.getAuthorityId();
                AccessStatus accessStatus = AccessStatus.ALLOWED;
                if (nodePerm.getAccessStatus() != null) {
                    accessStatus = AccessStatus.valueOf(nodePerm.getAccessStatus());
                }
                if (authorityId == null || authorityId.isEmpty()) {
                    throw new InvalidArgumentException("Authority Id is expected.");
                }
                if (permName == null || permName.isEmpty()) {
                    throw new InvalidArgumentException("Permission name is expected.");
                }
                if (((!authorityId.equals(PermissionService.ALL_AUTHORITIES) && (!authorityService.authorityExists(authorityId))))) {
                    throw new InvalidArgumentException("Cannot set permissions on this node - unknown authority: " + authorityId);
                }
                AccessPermission existing = null;
                boolean addPerm = true;
                boolean updatePerm = false;
                // If the permission already exists but with different access status it will be updated
                for (AccessPermission accessPerm : directPerms) {
                    if (accessPerm.getAuthority().equals(authorityId) && accessPerm.getPermission().equals(permName)) {
                        existing = accessPerm;
                        addPerm = false;
                        if (accessPerm.getAccessStatus() != accessStatus) {
                            updatePerm = true;
                        }
                        break;
                    }
                }
                if (existing != null) {
                    // ignore existing permissions
                    directPerms.remove(existing);
                }
                if (addPerm || updatePerm) {
                    try {
                        permissionService.setPermission(nodeRef, authorityId, permName, (accessStatus == AccessStatus.ALLOWED));
                    } catch (UnsupportedOperationException e) {
                        throw new InvalidArgumentException("Cannot set permissions on this node - unknown access level: " + permName);
                    }
                }
            }
            // remove any remaining direct perms
            for (AccessPermission accessPerm : directPerms) {
                permissionService.deletePermission(nodeRef, accessPerm.getAuthority(), accessPerm.getPermission());
            }
        }
    }
    String nodeType = nodeInfo.getNodeType();
    if ((nodeType != null) && (!nodeType.isEmpty())) {
        // update node type - ensure that we are performing a specialise (we do not support generalise)
        QName destNodeTypeQName = createQName(nodeType);
        if ((!destNodeTypeQName.equals(nodeTypeQName)) && isSubClass(destNodeTypeQName, nodeTypeQName) && (!isSubClass(destNodeTypeQName, ContentModel.TYPE_SYSTEM_FOLDER))) {
            nodeService.setType(nodeRef, destNodeTypeQName);
        } else {
            throw new InvalidArgumentException("Failed to change (specialise) node type - from " + nodeTypeQName + " to " + destNodeTypeQName);
        }
    }
    NodeRef parentNodeRef = nodeInfo.getParentId();
    if (parentNodeRef != null) {
        NodeRef currentParentNodeRef = getParentNodeRef(nodeRef);
        if (currentParentNodeRef == null) {
            // implies root (Company Home) hence return 403 here
            throw new PermissionDeniedException();
        }
        if (!currentParentNodeRef.equals(parentNodeRef)) {
            // moveOrCopy(nodeRef, parentNodeRef, name, false); // not currently supported - client should use explicit POST /move operation instead
            throw new InvalidArgumentException("Cannot update parentId of " + nodeId + " via PUT /nodes/{nodeId}. Please use explicit POST /nodes/{nodeId}/move operation instead");
        }
    }
    List<String> aspectNames = nodeInfo.getAspectNames();
    updateCustomAspects(nodeRef, aspectNames, EXCLUDED_ASPECTS);
    if (props.size() > 0) {
        validatePropValues(props);
        try {
            // update node properties - note: null will unset the specified property
            nodeService.addProperties(nodeRef, props);
        } catch (DuplicateChildNodeNameException dcne) {
            throw new ConstraintViolatedException(dcne.getMessage());
        }
    }
    return nodeRef;
}

Example 13 with AccessStatus

use of org.alfresco.service.cmr.security.AccessStatus in project alfresco-remote-api by Alfresco.

the class CalendarEntryGet method executeImpl.

@Override
protected Map<String, Object> executeImpl(SiteInfo site, String eventName, WebScriptRequest req, JSONObject json, Status status, Cache cache) {
    final ResourceBundle rb = getResources();
    CalendarEntry entry = calendarService.getCalendarEntry(site.getShortName(), eventName);
    if (entry == null) {
        String message = rb.getString(MSG_EVENT_NOT_FOUND);
        return buildError(MessageFormat.format(message, eventName));
    }
    Date date = parseDate(req.getParameter("date"));
    if (date != null) {
        // if some instances were updated
        SimpleDateFormat fdt = new SimpleDateFormat("yyyyMMdd");
        Set<QName> childNodeTypeQNames = new HashSet<QName>();
        childNodeTypeQNames.add(CalendarModel.TYPE_UPDATED_EVENT);
        List<ChildAssociationRef> updatedEventList = nodeService.getChildAssocs(entry.getNodeRef(), childNodeTypeQNames);
        for (ChildAssociationRef updatedEvent : updatedEventList) {
            NodeRef nodeRef = updatedEvent.getChildRef();
            Date updatedDate = (Date) nodeService.getProperty(nodeRef, CalendarModel.PROP_UPDATED_EVENT_DATE);
            if (fdt.format(updatedDate).equals(fdt.format(date))) {
                entry.setStart((Date) nodeService.getProperty(nodeRef, CalendarModel.PROP_UPDATED_START));
                entry.setEnd((Date) nodeService.getProperty(nodeRef, CalendarModel.PROP_UPDATED_END));
                entry.setTitle((String) nodeService.getProperty(nodeRef, CalendarModel.PROP_UPDATED_WHAT));
                entry.setLocation((String) nodeService.getProperty(nodeRef, CalendarModel.PROP_UPDATED_WHERE));
                break;
            }
        }
    }
    // Build the object
    Map<String, Object> result = new HashMap<String, Object>();
    result.put("name", entry.getSystemName());
    result.put("what", entry.getTitle());
    result.put("description", entry.getDescription());
    result.put("location", entry.getLocation());
    boolean isAllDay = CalendarEntryDTO.isAllDay(entry);
    boolean removeTimezone = isAllDay && !entry.isOutlook();
    result.put("from", removeTimeZoneIfRequired(entry.getStart(), isAllDay, removeTimezone));
    result.put("to", removeTimeZoneIfRequired(entry.getEnd(), isAllDay, removeTimezone));
    String legacyDateFormat = "M/d/yyyy";
    String legacyTimeFormat = "HH:mm";
    result.put("legacyDateFrom", removeTimeZoneIfRequired(entry.getStart(), isAllDay, removeTimezone, legacyDateFormat));
    result.put("legacyTimeFrom", removeTimeZoneIfRequired(entry.getStart(), isAllDay, removeTimezone, legacyTimeFormat));
    result.put("legacyDateTo", removeTimeZoneIfRequired(entry.getEnd(), isAllDay, removeTimezone, legacyDateFormat));
    result.put("legacyTimeTo", removeTimeZoneIfRequired(entry.getEnd(), isAllDay, removeTimezone, legacyTimeFormat));
    result.put("tags", entry.getTags());
    result.put("isoutlook", entry.isOutlook());
    result.put("outlookuid", entry.getOutlookUID());
    result.put("allday", isAllDay);
    result.put("docfolder", entry.getSharePointDocFolder());
    result.put("recurrence", buildRecurrenceString(entry));
    // Replace nulls with blank strings for the JSON
    for (String key : result.keySet()) {
        if (result.get(key) == null) {
            result.put(key, "");
        }
    }
    // Check the permissions the user has on the entry
    AccessStatus canEdit = permissionService.hasPermission(entry.getNodeRef(), PermissionService.WRITE);
    AccessStatus canDelete = permissionService.hasPermission(entry.getNodeRef(), PermissionService.DELETE);
    result.put("canEdit", (canEdit == AccessStatus.ALLOWED));
    result.put("canDelete", (canDelete == AccessStatus.ALLOWED));
    // All done
    Map<String, Object> model = new HashMap<String, Object>();
    model.put("result", result);
    return model;
}

Example 14 with AccessStatus

use of org.alfresco.service.cmr.security.AccessStatus in project records-management by Alfresco.

the class CapabilityServiceImpl method getCapabilitiesAccessState.

/**
 * @see org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService#getCapabilitiesAccessState(org.alfresco.service.cmr.repository.NodeRef, boolean)
 */
@Override
public Map<Capability, AccessStatus> getCapabilitiesAccessState(NodeRef nodeRef, boolean includePrivate) {
    ParameterCheck.mandatory("nodeRef", nodeRef);
    Set<Capability> listOfCapabilites = getCapabilities(includePrivate);
    HashMap<Capability, AccessStatus> answer = new HashMap<Capability, AccessStatus>();
    for (Capability capability : listOfCapabilites) {
        AccessStatus status = capability.hasPermission(nodeRef);
        if (answer.put(capability, status) != null) {
            throw new IllegalStateException();
        }
    }
    return answer;
}

Example 15 with AccessStatus

use of org.alfresco.service.cmr.security.AccessStatus in project records-management by Alfresco.

the class CapabilityServiceImpl method getCapabilityAccessState.

/**
 * @see org.alfresco.module.org_alfresco_module_rm.capability.CapabilityService#getCapabilityAccessState(org.alfresco.service.cmr.repository.NodeRef, java.lang.String)
 */
@Override
public AccessStatus getCapabilityAccessState(NodeRef nodeRef, String capabilityName) {
    ParameterCheck.mandatory("nodeRef", nodeRef);
    ParameterCheck.mandatory("capabilityName", capabilityName);
    AccessStatus result = AccessStatus.UNDETERMINED;
    Capability capability = getCapability(capabilityName);
    if (capability != null) {
        List<String> list = Collections.singletonList(capabilityName);
        Map<Capability, AccessStatus> map = getCapabilitiesAccessState(nodeRef, list);
        result = map.get(capability);
    }
    return result;
}