use of org.alfresco.traitextender.Extend in project alfresco-repository by Alfresco.
the class PermissionServiceImpl method getSettablePermissions.
/**
 * Lists the names of the permissions that can be set on the given node.
 *
 * <p>Every reference returned by {@code getSettablePermissionReferences(nodeRef)} is passed
 * to {@code getPermission} and the resulting string is collected.
 *
 * <p>NOTE(review): no access check is visible in this method; presumably enforcement happens
 * in a caller or an intercepting layer. Confirm before exposing the result to end users.
 *
 * @param nodeRef the node whose settable permissions are requested
 * @return a new {@link HashSet} of permission names; iteration order is unspecified
 */
@Override
@Extend(traitAPI = PermissionServiceTrait.class, extensionAPI = PermissionServiceExtension.class)
public Set<String> getSettablePermissions(NodeRef nodeRef) {
    final Set<PermissionReference> references = getSettablePermissionReferences(nodeRef);
    // Pre-size to the number of references that are about to be converted.
    final Set<String> names = new HashSet<>(references.size());
    for (final PermissionReference reference : references) {
        final String name = getPermission(reference);
        names.add(name);
    }
    return names;
}
use of org.alfresco.traitextender.Extend in project alfresco-repository by Alfresco.
the class PermissionServiceImpl method getAuthorisations.
/**
 * {@inheritDoc}
 *
 * <p>Implementation: the authority set is cached as a transaction resource under the key
 * {@code "MyAuthCache"}. A cached set is reused only when a run-as authentication is present
 * and the set contains that authentication's user name. Otherwise the set is rebuilt with
 * {@code getCoreAuthorisations} and bound again. The check presumably guards against serving
 * one identity's authorities after the run-as identity changes inside the same transaction;
 * confirm against callers.
 *
 * @return an unmodifiable view of the authorities for the current run-as authentication
 */
@Override
@Extend(traitAPI = PermissionServiceTrait.class, extensionAPI = PermissionServiceExtension.class)
public Set<String> getAuthorisations() {
    // Look in the transaction-scoped cache first.
    @SuppressWarnings("unchecked")
    Set<String> authorities = (Set<String>) AlfrescoTransactionSupport.getResource("MyAuthCache");
    final Authentication runAs = AuthenticationUtil.getRunAsAuthentication();

    // The cast assumes the principal is a User; any other principal type would fail with a
    // ClassCastException here.
    final boolean cacheUsable = authorities != null
            && runAs != null
            && authorities.contains(((User) runAs.getPrincipal()).getUsername());

    if (!cacheUsable) {
        // Missing cache, missing authentication, or a cache that does not name the current
        // user: recompute and rebind for the rest of the transaction.
        authorities = getCoreAuthorisations(runAs);
        AlfrescoTransactionSupport.bindResource("MyAuthCache", authorities);
    }
    // Callers get a read-only view, so they cannot alter the cached set.
    return Collections.unmodifiableSet(authorities);
}
use of org.alfresco.traitextender.Extend in project alfresco-repository by Alfresco.
the class PermissionServiceImpl method getSettablePermissions.
/**
 * Lists the names of the permissions that can be set on nodes of the given type.
 *
 * <p>Every reference returned by {@code getSettablePermissionReferences(type)} is passed to
 * {@code getPermission}. The names are stored in a {@link LinkedHashSet}, so they come back
 * in the order the reference set was iterated.
 *
 * @param type the qualified type name whose settable permissions are requested
 * @return a new insertion-ordered set of permission names
 */
@Override
@Extend(traitAPI = PermissionServiceTrait.class, extensionAPI = PermissionServiceExtension.class)
public Set<String> getSettablePermissions(QName type) {
    final Set<PermissionReference> permissionRefs = getSettablePermissionReferences(type);
    final Set<String> permissionNames = new LinkedHashSet<>(permissionRefs.size());
    for (final PermissionReference permissionRef : permissionRefs) {
        final String permissionName = getPermission(permissionRef);
        permissionNames.add(permissionName);
    }
    return permissionNames;
}
use of org.alfresco.traitextender.Extend in project alfresco-repository by Alfresco.
the class PermissionServiceImpl method getReaders.
/**
 * {@inheritDoc}
 *
 * <p>Implementation: collects the authorities named by the ACL's entries and keeps those for
 * which an {@code UnconditionalAclTest} on {@code PermissionService.READ} succeeds. The result
 * is stored in {@code readersCache}, keyed by the ACL's properties, as an unmodifiable set.
 *
 * <p>NOTE(review): invalidation of {@code readersCache} is not visible in this method.
 * Confirm that entries are dropped when an ACL's entries change, so that stale read grants
 * are not served.
 *
 * @param aclId id of the access control list to inspect
 * @return the authorities found to have read access, or an empty set when no ACL exists for
 *     {@code aclId}
 */
@Override
@Extend(traitAPI = PermissionServiceTrait.class, extensionAPI = PermissionServiceExtension.class)
public Set<String> getReaders(Long aclId) {
    final AccessControlList accessControlList = aclDaoComponent.getAccessControlList(aclId);
    if (accessControlList == null) {
        return Collections.emptySet();
    }

    Set<String> cachedReaders = readersCache.get((Serializable) accessControlList.getProperties());
    if (cachedReaders == null) {
        // Distinct authorities that appear in any entry of this ACL.
        final Set<String> authorities = new HashSet<>();
        for (final AccessControlEntry entry : accessControlList.getEntries()) {
            authorities.add(entry.getAuthority());
        }

        // Keep only the authorities that pass the unconditional READ test.
        final Set<String> granted = new HashSet<>();
        for (final String candidate : authorities) {
            final UnconditionalAclTest readTest =
                    new UnconditionalAclTest(getPermissionReference(PermissionService.READ));
            if (readTest.evaluate(candidate, aclId)) {
                granted.add(candidate);
            }
        }

        // Cache a read-only view so later callers cannot modify the shared result.
        cachedReaders = Collections.unmodifiableSet(granted);
        readersCache.put((Serializable) accessControlList.getProperties(), cachedReaders);
    }
    return cachedReaders;
}
use of org.alfresco.traitextender.Extend in project alfresco-repository by Alfresco.
the class PermissionServiceImpl method hasReadPermission.
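/**
 * Optimised read permission evaluation.
 *
 * <p>Caveats of the fast path:
 * <ul>
 *   <li>doesn't take into account dynamic authorities/groups</li>
 *   <li>doesn't take into account node types/aspects for permissions</li>
 * </ul>
 *
 * <p>Decision order, as implemented below:
 * <ol>
 *   <li>{@code null} node reference: ALLOWED</li>
 *   <li>node does not exist: ALLOWED</li>
 *   <li>no run-as user: DENIED</li>
 *   <li>run-as user is the system user: ALLOWED</li>
 *   <li>a dynamic authority other than owner, administrator or lock owner is required for
 *       FULL_CONTROL or READ (or declares no {@code requiredFor} set): delegate to
 *       {@code hasPermission(nodeRef, READ)}</li>
 *   <li>node has no ACL id: delegate to {@code hasPermission} with the READ reference</li>
 *   <li>otherwise ALLOWED when any of {@code canRead}, {@code adminRead} or
 *       {@code ownerRead} allows, else DENIED</li>
 * </ol>
 *
 * <p>The first two outcomes answer ALLOWED without consulting any ACL, so ALLOWED from this
 * method is not evidence that the node exists.
 *
 * @param nodeRef the node to test; may be {@code null}
 * @return {@code AccessStatus.ALLOWED} or {@code AccessStatus.DENIED}, or whatever
 *     {@code hasPermission} returns on the delegated paths
 */
@Override
@Extend(traitAPI = PermissionServiceTrait.class, extensionAPI = PermissionServiceExtension.class)
public AccessStatus hasReadPermission(NodeRef nodeRef) {
    AccessStatus status = AccessStatus.DENIED;
    // There is nothing to evaluate for a null reference - so we allow it
    if (nodeRef == null) {
        return AccessStatus.ALLOWED;
    }
    // Allow permissions for nodes that do not exist
    if (!nodeService.exists(nodeRef)) {
        return AccessStatus.ALLOWED;
    }
    String runAsUser = AuthenticationUtil.getRunAsUser();
    if (runAsUser == null) {
        // No identity to evaluate against: fail closed.
        return AccessStatus.DENIED;
    }
    if (AuthenticationUtil.isRunAsUserTheSystemUser()) {
        return AccessStatus.ALLOWED;
    }
    // any dynamic authorities other than those defined in the default permissions model with full
    // control or read permission force hasPermission check
    Boolean forceHasPermission = (Boolean) AlfrescoTransactionSupport.getResource("forceHasPermission");
    if (forceHasPermission == null) {
        for (DynamicAuthority dynamicAuthority : dynamicAuthorities) {
            String authority = dynamicAuthority.getAuthority();
            Set<PermissionReference> requiredFor = dynamicAuthority.requiredFor();
            // NOTE(review): the three comparisons below test String references, not values.
            // They skip an authority only when it returns the very constant instance. An
            // equal but distinct string is treated as a non-default authority and forces the
            // full check, which is the conservative outcome. Confirm intent before switching
            // to equals(), since that would widen the fast path.
            if (authority != PermissionService.OWNER_AUTHORITY
                    && authority != PermissionService.ADMINISTRATOR_AUTHORITY
                    && authority != PermissionService.LOCK_OWNER_AUTHORITY
                    && (requiredFor == null
                            || requiredFor.contains(modelDAO.getPermissionReference(null, PermissionService.FULL_CONTROL))
                            || requiredFor.contains(modelDAO.getPermissionReference(null, PermissionService.READ)))) {
                forceHasPermission = Boolean.TRUE;
                break;
            }
        }
        // NOTE(review): when nothing forces the full check the value bound here is still
        // null, so the scan above presumably repeats on the next call in this transaction.
        AlfrescoTransactionSupport.bindResource("forceHasPermission", forceHasPermission);
    }
    // Compare by value. The resource arrives as an Object cast to Boolean, and a true value
    // that is not the canonical Boolean.TRUE instance must still select the full evaluation
    // rather than fall through to the fast path that ignores dynamic authorities.
    if (Boolean.TRUE.equals(forceHasPermission)) {
        return hasPermission(nodeRef, PermissionService.READ);
    }
    Long aclID = nodeService.getNodeAclId(nodeRef);
    if (aclID == null) {
        // ACLID is null - need to call default permissions evaluation
        // This will end up calling the old-style ACL code that walks up the ACL tree
        status = hasPermission(nodeRef, getPermissionReference(null, PermissionService.READ));
    } else {
        // Fast path: any one of ACL read, admin read or owner read is sufficient.
        status = (canRead(aclID) == AccessStatus.ALLOWED
                        || adminRead() == AccessStatus.ALLOWED
                        || ownerRead(runAsUser, nodeRef) == AccessStatus.ALLOWED)
                ? AccessStatus.ALLOWED
                : AccessStatus.DENIED;
    }
    return status;
}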