Example 71 with Extend
use of org.alfresco.traitextender.Extend in project alfresco-repository by Alfresco.
the class PermissionServiceImpl method getSettablePermissions.
@Override
@Extend(traitAPI = PermissionServiceTrait.class, extensionAPI = PermissionServiceExtension.class)
public Set<String> getSettablePermissions(NodeRef nodeRef) {
Set<PermissionReference> settable = getSettablePermissionReferences(nodeRef);
Set<String> strings = new HashSet<String>(settable.size());
for (PermissionReference pr : settable) {
strings.add(getPermission(pr));
}
return strings;
}
Also used :
PermissionReference(org.alfresco.repo.security.permissions.PermissionReference)
HashSet(java.util.HashSet)
LinkedHashSet(java.util.LinkedHashSet)
Extend(org.alfresco.traitextender.Extend)
Example 72 with Extend
use of org.alfresco.traitextender.Extend in project alfresco-repository by Alfresco.
the class PermissionServiceImpl method getAuthorisations.
/**
* {@inheritDoc}
*/
@Override
@Extend(traitAPI = PermissionServiceTrait.class, extensionAPI = PermissionServiceExtension.class)
public Set<String> getAuthorisations() {
// Use TX cache
@SuppressWarnings("unchecked") Set<String> auths = (Set<String>) AlfrescoTransactionSupport.getResource("MyAuthCache");
Authentication auth = AuthenticationUtil.getRunAsAuthentication();
if (auths != null) {
if (auth == null || !auths.contains(((User) auth.getPrincipal()).getUsername())) {
auths = null;
}
}
if (auths == null) {
auths = getCoreAuthorisations(auth);
AlfrescoTransactionSupport.bindResource("MyAuthCache", auths);
}
return Collections.unmodifiableSet(auths);
}
Also used :
Set(java.util.Set)
HashSet(java.util.HashSet)
LinkedHashSet(java.util.LinkedHashSet)
Authentication(net.sf.acegisecurity.Authentication)
Extend(org.alfresco.traitextender.Extend)
Example 73 with Extend
use of org.alfresco.traitextender.Extend in project alfresco-repository by Alfresco.
the class PermissionServiceImpl method getSettablePermissions.
@Override
@Extend(traitAPI = PermissionServiceTrait.class, extensionAPI = PermissionServiceExtension.class)
public Set<String> getSettablePermissions(QName type) {
Set<PermissionReference> settable = getSettablePermissionReferences(type);
Set<String> strings = new LinkedHashSet<String>(settable.size());
for (PermissionReference pr : settable) {
strings.add(getPermission(pr));
}
return strings;
}
Also used :
LinkedHashSet(java.util.LinkedHashSet)
PermissionReference(org.alfresco.repo.security.permissions.PermissionReference)
Extend(org.alfresco.traitextender.Extend)
Example 74 with Extend
use of org.alfresco.traitextender.Extend in project alfresco-repository by Alfresco.
the class PermissionServiceImpl method getReaders.
/**
* {@inheritDoc}
*/
@Override
@Extend(traitAPI = PermissionServiceTrait.class, extensionAPI = PermissionServiceExtension.class)
public Set<String> getReaders(Long aclId) {
AccessControlList acl = aclDaoComponent.getAccessControlList(aclId);
if (acl == null) {
return Collections.emptySet();
}
Set<String> aclReaders = readersCache.get((Serializable) acl.getProperties());
if (aclReaders != null) {
return aclReaders;
}
HashSet<String> assigned = new HashSet<String>();
HashSet<String> readers = new HashSet<String>();
for (AccessControlEntry ace : acl.getEntries()) {
assigned.add(ace.getAuthority());
}
for (String authority : assigned) {
UnconditionalAclTest test = new UnconditionalAclTest(getPermissionReference(PermissionService.READ));
if (test.evaluate(authority, aclId)) {
readers.add(authority);
}
}
aclReaders = Collections.unmodifiableSet(readers);
readersCache.put((Serializable) acl.getProperties(), aclReaders);
return aclReaders;
}
Also used :
AccessControlList(org.alfresco.repo.security.permissions.AccessControlList)
AccessControlEntry(org.alfresco.repo.security.permissions.AccessControlEntry)
HashSet(java.util.HashSet)
LinkedHashSet(java.util.LinkedHashSet)
Extend(org.alfresco.traitextender.Extend)
Example 75 with Extend
use of org.alfresco.traitextender.Extend in project alfresco-repository by Alfresco.
the class PermissionServiceImpl method hasReadPermission.
/**
* Optimised read permission evaluation
* caveats:
* doesn't take into account dynamic authorities/groups
* doesn't take into account node types/aspects for permissions
*/
@Override
@Extend(traitAPI = PermissionServiceTrait.class, extensionAPI = PermissionServiceExtension.class)
public AccessStatus hasReadPermission(NodeRef nodeRef) {
AccessStatus status = AccessStatus.DENIED;
// - so we allow it
if (nodeRef == null) {
return AccessStatus.ALLOWED;
}
// Allow permissions for nodes that do not exist
if (!nodeService.exists(nodeRef)) {
return AccessStatus.ALLOWED;
}
String runAsUser = AuthenticationUtil.getRunAsUser();
if (runAsUser == null) {
return AccessStatus.DENIED;
}
if (AuthenticationUtil.isRunAsUserTheSystemUser()) {
return AccessStatus.ALLOWED;
}
// any dynamic authorities other than those defined in the default permissions model with full
// control or read permission force hasPermission check
Boolean forceHasPermission = (Boolean) AlfrescoTransactionSupport.getResource("forceHasPermission");
if (forceHasPermission == null) {
for (DynamicAuthority dynamicAuthority : dynamicAuthorities) {
String authority = dynamicAuthority.getAuthority();
Set<PermissionReference> requiredFor = dynamicAuthority.requiredFor();
if (authority != PermissionService.OWNER_AUTHORITY && authority != PermissionService.ADMINISTRATOR_AUTHORITY && authority != PermissionService.LOCK_OWNER_AUTHORITY && (requiredFor == null || requiredFor.contains(modelDAO.getPermissionReference(null, PermissionService.FULL_CONTROL)) || requiredFor.contains(modelDAO.getPermissionReference(null, PermissionService.READ)))) {
forceHasPermission = Boolean.TRUE;
break;
}
}
AlfrescoTransactionSupport.bindResource("forceHasPermission", forceHasPermission);
}
if (forceHasPermission == Boolean.TRUE) {
return hasPermission(nodeRef, PermissionService.READ);
}
Long aclID = nodeService.getNodeAclId(nodeRef);
if (aclID == null) {
// ACLID is null - need to call default permissions evaluation
// This will end up calling the old-style ACL code that walks up the ACL tree
status = hasPermission(nodeRef, getPermissionReference(null, PermissionService.READ));
} else {
status = (canRead(aclID) == AccessStatus.ALLOWED || adminRead() == AccessStatus.ALLOWED || ownerRead(runAsUser, nodeRef) == AccessStatus.ALLOWED) ? AccessStatus.ALLOWED : AccessStatus.DENIED;
}
return status;
}
Also used :
DynamicAuthority(org.alfresco.repo.security.permissions.DynamicAuthority)
PermissionReference(org.alfresco.repo.security.permissions.PermissionReference)
BooleanUtils.toBoolean(org.apache.commons.lang3.BooleanUtils.toBoolean)
AccessStatus(org.alfresco.service.cmr.security.AccessStatus)
Extend(org.alfresco.traitextender.Extend)
Aggregations
Extend (org.alfresco.traitextender.Extend)75
NodeRef (org.alfresco.service.cmr.repository.NodeRef)47
ChildAssociationRef (org.alfresco.service.cmr.repository.ChildAssociationRef)25
QName (org.alfresco.service.namespace.QName)21
ArrayList (java.util.ArrayList)19
Pair (org.alfresco.util.Pair)15
HashSet (java.util.HashSet)10
Serializable (java.io.Serializable)9
MutableInt (org.apache.commons.lang3.mutable.MutableInt)9
HashMap (java.util.HashMap)8
LinkedHashSet (java.util.LinkedHashSet)8
ChildAssocRefQueryCallback (org.alfresco.repo.domain.node.NodeDAO.ChildAssocRefQueryCallback)8
AssociationRef (org.alfresco.service.cmr.repository.AssociationRef)8
LockStatus (org.alfresco.service.cmr.lock.LockStatus)6
Version (org.alfresco.service.cmr.version.Version)6
NodeDAO (org.alfresco.repo.domain.node.NodeDAO)5
LockState (org.alfresco.repo.lock.mem.LockState)5
PermissionReference (org.alfresco.repo.security.permissions.PermissionReference)5
StoreRef (org.alfresco.service.cmr.repository.StoreRef)5
Map (java.util.Map)4
