Example 1 with Extend
use of org.alfresco.traitextender.Extend in project alfresco-repository by Alfresco.
the class PermissionServiceImpl method deletePermission.
/**
* @see #deletePermission(NodeRef, String, PermissionReference)
*/
@Override
@Extend(traitAPI = PermissionServiceTrait.class, extensionAPI = PermissionServiceExtension.class)
public void deletePermission(PermissionEntry permissionEntry) {
NodeRef nodeRef = permissionEntry.getNodeRef();
String authority = permissionEntry.getAuthority();
PermissionReference permission = permissionEntry.getPermissionReference();
deletePermission(nodeRef, authority, permission);
}
Also used :
NodeRef(org.alfresco.service.cmr.repository.NodeRef)
PermissionReference(org.alfresco.repo.security.permissions.PermissionReference)
Extend(org.alfresco.traitextender.Extend)
Example 2 with Extend
use of org.alfresco.traitextender.Extend in project alfresco-repository by Alfresco.
the class PermissionServiceImpl method hasPermission.
@Override
@Extend(traitAPI = PermissionServiceTrait.class, extensionAPI = PermissionServiceExtension.class)
public AccessStatus hasPermission(NodeRef passedNodeRef, final PermissionReference permIn) {
// - so we allow it
if (passedNodeRef == null) {
return AccessStatus.ALLOWED;
}
// If the permission is null we deny
if (permIn == null) {
return AccessStatus.DENIED;
}
// Note: if we're directly accessing a frozen state (version) node (ie. in the 'version' store) we need to check permissions for the versioned node (ie. in the 'live' store)
if (isVersionNodeRef(passedNodeRef)) {
passedNodeRef = convertVersionNodeRefToVersionedNodeRef(VersionUtil.convertNodeRef(passedNodeRef));
}
// Allow permissions for nodes that do not exist
if (passedNodeRef == null || !nodeService.exists(passedNodeRef)) {
return AccessStatus.ALLOWED;
}
final NodeRef nodeRef = tenantService.getName(passedNodeRef);
final PermissionReference perm;
if (permIn.equals(OLD_ALL_PERMISSIONS_REFERENCE)) {
perm = getAllPermissionReference();
} else {
perm = permIn;
}
if (AuthenticationUtil.getRunAsUser() == null) {
return AccessStatus.DENIED;
}
if (AuthenticationUtil.isRunAsUserTheSystemUser()) {
return AccessStatus.ALLOWED;
}
// New ACLs
AccessControlListProperties properties = permissionsDaoComponent.getAccessControlListProperties(nodeRef);
if ((properties != null) && (properties.getAclType() != null) && (properties.getAclType() != ACLType.OLD)) {
QName typeQname = nodeService.getType(nodeRef);
Set<QName> aspectQNames = nodeService.getAspects(nodeRef);
PermissionContext context = new PermissionContext(typeQname);
context.getAspects().addAll(aspectQNames);
Authentication auth = AuthenticationUtil.getRunAsAuthentication();
if (auth != null) {
String user = AuthenticationUtil.getRunAsUser();
for (String dynamicAuthority : getDynamicAuthorities(auth, nodeRef, perm)) {
context.addDynamicAuthorityAssignment(user, dynamicAuthority);
}
}
return hasPermission(properties.getId(), context, perm);
}
// Get the current authentications
// Use the smart authentication cache to improve permissions performance
Authentication auth = AuthenticationUtil.getRunAsAuthentication();
final Set<String> authorisations = getAuthorisations(auth, nodeRef, perm);
// If the node does not support the given permission there is no point
// doing the test
Set<PermissionReference> available = AuthenticationUtil.runAs(new RunAsWork<Set<PermissionReference>>() {
public Set<PermissionReference> doWork() throws Exception {
return modelDAO.getAllPermissions(nodeRef);
}
}, AuthenticationUtil.getSystemUserName());
available.add(getAllPermissionReference());
available.add(OLD_ALL_PERMISSIONS_REFERENCE);
final Serializable key = generateKey(authorisations, nodeRef, perm, CacheType.HAS_PERMISSION);
if (!(available.contains(perm))) {
accessCache.put(key, AccessStatus.DENIED);
return AccessStatus.DENIED;
}
if (AuthenticationUtil.isRunAsUserTheSystemUser()) {
return AccessStatus.ALLOWED;
}
return AuthenticationUtil.runAs(new RunAsWork<AccessStatus>() {
public AccessStatus doWork() throws Exception {
AccessStatus status = accessCache.get(key);
if (status != null) {
return status;
}
//
// TODO: Dynamic permissions via evaluators
//
/*
* Does the current authentication have the supplied permission on the given node.
*/
QName typeQname = nodeService.getType(nodeRef);
Set<QName> aspectQNames = nodeService.getAspects(nodeRef);
NodeTest nt = new NodeTest(perm, typeQname, aspectQNames);
boolean result = nt.evaluate(authorisations, nodeRef);
if (log.isDebugEnabled()) {
log.debug("Permission <" + perm + "> is " + (result ? "allowed" : "denied") + " for " + AuthenticationUtil.getRunAsUser() + " on node " + nodeService.getPath(nodeRef));
}
status = result ? AccessStatus.ALLOWED : AccessStatus.DENIED;
accessCache.put(key, status);
return status;
}
}, AuthenticationUtil.getSystemUserName());
}
Also used :
Serializable(java.io.Serializable)
Set(java.util.Set)
HashSet(java.util.HashSet)
LinkedHashSet(java.util.LinkedHashSet)
QName(org.alfresco.service.namespace.QName)
AccessControlListProperties(org.alfresco.repo.security.permissions.AccessControlListProperties)
PermissionContext(org.alfresco.service.cmr.security.PermissionContext)
AccessStatus(org.alfresco.service.cmr.security.AccessStatus)
NodeRef(org.alfresco.service.cmr.repository.NodeRef)
Authentication(net.sf.acegisecurity.Authentication)
PermissionReference(org.alfresco.repo.security.permissions.PermissionReference)
Extend(org.alfresco.traitextender.Extend)
Example 3 with Extend
use of org.alfresco.traitextender.Extend in project alfresco-repository by Alfresco.
the class PermissionServiceImpl method getAllSetPermissions.
@Override
@Extend(traitAPI = PermissionServiceTrait.class, extensionAPI = PermissionServiceExtension.class)
public Set<AccessPermission> getAllSetPermissions(NodeRef nodeRef) {
HashSet<AccessPermission> accessPermissions = new HashSet<AccessPermission>();
NodePermissionEntry nodePremissionEntry = getSetPermissions(nodeRef);
for (PermissionEntry pe : nodePremissionEntry.getPermissionEntries()) {
accessPermissions.add(new AccessPermissionImpl(getPermission(pe.getPermissionReference()), pe.getAccessStatus(), pe.getAuthority(), pe.getPosition()));
}
return accessPermissions;
}
Also used :
AccessPermission(org.alfresco.service.cmr.security.AccessPermission)
NodePermissionEntry(org.alfresco.repo.security.permissions.NodePermissionEntry)
PermissionEntry(org.alfresco.repo.security.permissions.PermissionEntry)
NodePermissionEntry(org.alfresco.repo.security.permissions.NodePermissionEntry)
HashSet(java.util.HashSet)
LinkedHashSet(java.util.LinkedHashSet)
Extend(org.alfresco.traitextender.Extend)
Example 4 with Extend
use of org.alfresco.traitextender.Extend in project alfresco-repository by Alfresco.
the class PermissionServiceImpl method setInheritParentPermissions.
@Override
@Extend(traitAPI = PermissionServiceTrait.class, extensionAPI = PermissionServiceExtension.class)
public void setInheritParentPermissions(NodeRef nodeRef, final boolean inheritParentPermissions, boolean asyncCall) {
final NodeRef actualRef = tenantService.getName(nodeRef);
if (asyncCall) {
// use transaction resource to determine later on in ADMAccessControlListDAO.setFixedAcl if asynchronous call may be required
AlfrescoTransactionSupport.bindResource(FixedAclUpdater.FIXED_ACL_ASYNC_CALL_KEY, true);
permissionsDaoComponent.setInheritParentPermissions(actualRef, inheritParentPermissions);
// check if asynchronous call was required
boolean asyncCallRequired = toBoolean((Boolean) AlfrescoTransactionSupport.getResource(FixedAclUpdater.FIXED_ACL_ASYNC_REQUIRED_KEY));
if (asyncCallRequired) {
// after transaction is committed FixedAclUpdater will be started in a new thread to process pending nodes
AlfrescoTransactionSupport.bindListener(fixedAclUpdater);
}
invokeOnPermissionsInheritedPolicy(nodeRef, inheritParentPermissions, asyncCallRequired);
} else {
// regular method call
permissionsDaoComponent.setInheritParentPermissions(actualRef, inheritParentPermissions);
invokeOnPermissionsInheritedPolicy(nodeRef, inheritParentPermissions, false);
}
accessCache.clear();
}Example 5 with Extend
use of org.alfresco.traitextender.Extend in project alfresco-repository by Alfresco.
the class PermissionServiceImpl method getReadersDenied.
/**
* @param aclId Long
* @return set of authorities denied permission on the ACL
*/
@Override
@Extend(traitAPI = PermissionServiceTrait.class, extensionAPI = PermissionServiceExtension.class)
public Set<String> getReadersDenied(Long aclId) {
AccessControlList acl = aclDaoComponent.getAccessControlList(aclId);
if (acl == null) {
return Collections.emptySet();
}
Set<String> denied = readersDeniedCache.get(aclId);
if (denied != null) {
return denied;
}
denied = new HashSet<String>();
Set<String> assigned = new HashSet<String>();
for (AccessControlEntry ace : acl.getEntries()) {
assigned.add(ace.getAuthority());
}
for (String authority : assigned) {
UnconditionalDeniedAclTest test = new UnconditionalDeniedAclTest(getPermissionReference(PermissionService.READ));
if (test.evaluate(authority, aclId)) {
denied.add(authority);
}
}
readersDeniedCache.put((Serializable) acl.getProperties(), denied);
return denied;
}
Also used :
AccessControlList(org.alfresco.repo.security.permissions.AccessControlList)
AccessControlEntry(org.alfresco.repo.security.permissions.AccessControlEntry)
HashSet(java.util.HashSet)
LinkedHashSet(java.util.LinkedHashSet)
Extend(org.alfresco.traitextender.Extend)
Aggregations
Extend (org.alfresco.traitextender.Extend)75
NodeRef (org.alfresco.service.cmr.repository.NodeRef)47
ChildAssociationRef (org.alfresco.service.cmr.repository.ChildAssociationRef)25
QName (org.alfresco.service.namespace.QName)21
ArrayList (java.util.ArrayList)19
Pair (org.alfresco.util.Pair)15
HashSet (java.util.HashSet)10
Serializable (java.io.Serializable)9
MutableInt (org.apache.commons.lang3.mutable.MutableInt)9
HashMap (java.util.HashMap)8
LinkedHashSet (java.util.LinkedHashSet)8
ChildAssocRefQueryCallback (org.alfresco.repo.domain.node.NodeDAO.ChildAssocRefQueryCallback)8
AssociationRef (org.alfresco.service.cmr.repository.AssociationRef)8
LockStatus (org.alfresco.service.cmr.lock.LockStatus)6
Version (org.alfresco.service.cmr.version.Version)6
NodeDAO (org.alfresco.repo.domain.node.NodeDAO)5
LockState (org.alfresco.repo.lock.mem.LockState)5
PermissionReference (org.alfresco.repo.security.permissions.PermissionReference)5
StoreRef (org.alfresco.service.cmr.repository.StoreRef)5
Map (java.util.Map)4
