use of org.bedework.access.AccessException in project bw-calendar-engine by Bedework.
the class CalSuites method validateGroup.
/**
 * Checks that an admin group may be attached to the given calendar suite,
 * attaches it, and rewrites the access on the group owner's home and on the
 * suite.
 *
 * <p>The ACL applied to both objects is built here from four entries: all
 * privileges for the owner, all privileges for the group owner's account,
 * read for authenticated users and read for everyone. The same ACL, encoded,
 * is also stored as the group owner's category, location and contact access.
 * The home and the suite are therefore world readable after this call.
 *
 * @param cs calendar suite the group is being assigned to
 * @param groupName name of the admin group to look up
 * @return home collection of the group's owner
 * @throws CalFacadeException if the name is too long, the group is unknown,
 *         the group already belongs to a different suite, the owner principal
 *         or its home is missing, or an AccessException is raised while the
 *         ACL is built or applied
 */
private BwCalendar validateGroup(final BwCalSuite cs, final String groupName) throws CalFacadeException {
  // NOTE(review): groupName is dereferenced without a null check - confirm
  // callers never pass null.
  if (groupName.length() > BwCalSuite.maxNameLength) {
    throw new CalFacadeException(CalFacadeException.calsuiteGroupNameTooLong);
  }

  final BwAdminGroup adminGroup =
      (BwAdminGroup) getSvc().getAdminDirectories().findGroup(groupName);
  if (adminGroup == null) {
    throw new CalFacadeException(CalFacadeException.groupNotFound, groupName);
  }

  // A group may back at most one suite: reject it if it is already bound to
  // a suite other than the one being validated.
  final BwCalSuiteWrapper boundSuite = get(adminGroup);
  if (boundSuite != null) {
    if (!boundSuite.equals(cs)) {
      throw new CalFacadeException(CalFacadeException.calsuiteGroupAssigned,
                                   boundSuite.getName());
    }
  }

  final BwPrincipal groupOwner = getPrincipal(adminGroup.getOwnerHref());
  if (groupOwner == null) {
    throw new CalFacadeException(CalFacadeException.calsuiteBadowner);
  }

  final BwCalendar ownerHome = getCols().getHomeDb(groupOwner, true);
  if (ownerHome == null) {
    throw new CalFacadeException(CalFacadeException.missingGroupOwnerHome);
  }

  // NOTE(review): the suite is pointed at the group before any access change
  // has succeeded - confirm a failure below cannot leave a half-configured
  // suite persisted.
  cs.setGroup(adminGroup);

  // The group owner creates the events and also owns the suite resources, so
  // its home gets the access built below.
  final Collection<Privilege> fullAccess = new ArrayList<>();
  fullAccess.add(Access.all);

  final Collection<Privilege> readOnly = new ArrayList<>();
  readOnly.add(Access.read);

  final Collection<Ace> aceList = new ArrayList<>();

  try {
    aceList.add(Ace.makeAce(AceWho.owner, fullAccess, null));

    final AceWho ownerAccount =
        AceWho.getAceWho(groupOwner.getAccount(), WhoDefs.whoTypeUser, false);
    aceList.add(Ace.makeAce(ownerAccount, fullAccess, null));

    final AceWho anyAuthenticated =
        AceWho.getAceWho(null, WhoDefs.whoTypeAuthenticated, false);
    aceList.add(Ace.makeAce(anyAuthenticated, readOnly, null));

    // Read for everyone: this is what makes the home and suite world readable.
    aceList.add(Ace.makeAce(AceWho.all, readOnly, null));

    // NOTE(review): the third argument (true) presumably replaces the
    // existing ACL rather than merging into it - confirm against changeAccess.
    getSvc().changeAccess(ownerHome, aceList, true);

    // The suite itself gets the same access as the home.
    getSvc().changeAccess(cs, aceList, true);

    // Categories, locations and contacts owned by this principal carry the
    // same encoded ACL so that they are readable too.
    final String encodedAcl = new String(new Acl(aceList).encode());
    groupOwner.setCategoryAccess(encodedAcl);
    groupOwner.setLocationAccess(encodedAcl);
    groupOwner.setContactAccess(encodedAcl);
  } catch (final AccessException ae) {
    throw new CalFacadeException(ae);
  }

  getSvc().getUsersHandler().update(groupOwner);

  return ownerHome;
}
use of org.bedework.access.AccessException in project bw-calendar-engine by Bedework.
the class Sharing method setAccess.
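/**
 * Grants a principal, or everyone, access to a collection and, when the
 * collection is an internal alias, repeats the grant on the alias target
 * while acting as the target's owner.
 *
 * <p>Any existing entries for the grantee and for the collection owner are
 * dropped from the current ACL first; the grantee is then added with the
 * read or read-write privilege set and the owner with all privileges.
 *
 * @param col collection whose access is changed
 * @param ap grantee and mode: {@code ap.pr == null} means everyone,
 *        {@code ap.forRead} selects read over read-write
 * @throws CalFacadeException if the collection owner cannot be resolved, if
 *         an AccessException is raised while the ACL is built or applied, or
 *         if anything fails while updating the alias target
 */
private void setAccess(final BwCalendar col, final AddPrincipal ap) throws CalFacadeException {
  try {
    final String whoHref;
    final int whoKind;

    if (ap.pr != null) {
      whoHref = ap.pr.getPrincipalRef();
      whoKind = ap.pr.getKind();
    } else {
      // No principal given: the grant applies to everyone.
      whoHref = null;
      whoKind = WhoDefs.whoTypeAll;
    }

    Acl acl = col.getCurrentAccess().getAcl();

    final AceWho who = AceWho.getAceWho(whoHref, whoKind, false);

    // NOTE(review): the privilege set depends on ap.forRead alone. With
    // ap.pr == null and forRead false this grants readWritePrivs to everyone;
    // confirm callers never build that combination.
    final Collection<Privilege> desiredPriv;
    if (ap.forRead) {
      desiredPriv = readPrivs;
    } else {
      desiredPriv = readWritePrivs;
    }

    // Drop any entry the grantee already has so the new one replaces it.
    // removeWho returns null when there was nothing to remove.
    Acl removed = acl.removeWho(who);
    if (removed != null) {
      acl = removed;
    }

    final BwPrincipal owner = getUsers().getPrincipal(col.getOwnerHref());
    if (owner == null) {
      // Fail with the declared exception before any ACL is written, instead
      // of a NullPointerException on the dereference below.
      throw new CalFacadeException(new IllegalStateException(
          "No principal found for collection owner " + col.getOwnerHref()));
    }

    final AceWho ownerWho =
        AceWho.getAceWho(owner.getAccount(), owner.getKind(), false);

    removed = acl.removeWho(ownerWho);
    if (removed != null) {
      acl = removed;
    }

    // Keep every remaining entry, then add the grantee and re-add the owner
    // with all privileges so the owner is never locked out by the rewrite.
    final Collection<Ace> aces = new ArrayList<>();
    final Collection<Ace> remaining = acl.getAces();
    if (remaining != null) {
      // An ACL with no entries would otherwise fail in addAll.
      aces.addAll(remaining);
    }

    aces.add(Ace.makeAce(who, desiredPriv, null));
    aces.add(Ace.makeAce(ownerWho, allPrivs, null));

    getSvc().changeAccess(col, aces, true);

    if (!col.getInternalAlias()) {
      return;
    }

    final BwCalendar target =
        getSvc().getCalendarsHandler().resolveAlias(col, false, false);

    if (target != null) {
      // The target belongs to someone else, so its ACL is changed under the
      // target owner's identity. The identity is restored in the finally
      // block whatever happens.
      // NOTE(review): this step runs with the target owner's rights, so the
      // decision that the share is allowed must already have been made by
      // the caller - confirm. Nothing visible here bounds the recursion if
      // aliases were ever to form a loop.
      pushPrincipal(target.getOwnerHref());
      try {
        setAccess(target, ap);
      } catch (final CalFacadeException cfe) {
        throw cfe;
      } catch (final Throwable t) {
        throw new CalFacadeException(t);
      } finally {
        popPrincipal();
      }
    }
  } catch (final AccessException ae) {
    throw new CalFacadeException(ae);
  }
}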
use of org.bedework.access.AccessException in project bw-calendar-engine by Bedework.
the class Sharing method removeAccess.
/**
 * Removes a principal's entry from a collection's ACL and, when the
 * collection is an internal alias, does the same on the alias target while
 * acting as the target's owner.
 *
 * @param col collection whose access is changed
 * @param principalHref address of the principal losing access; it is
 *        resolved with caladdrToPrincipal
 * @return false if the ACL has no entries, if nothing was removed, or if the
 *         alias target cannot be resolved; true if the ACL of a non-alias
 *         collection was changed; for an alias, the result of the call on
 *         its target
 * @throws CalFacadeException if an AccessException is raised or anything
 *         fails while updating the alias target
 */
private boolean removeAccess(final BwCalendar col, final String principalHref) throws CalFacadeException {
  final Acl current = col.getCurrentAccess().getAcl();

  try {
    if (Util.isEmpty(current.getAces())) {
      return false;
    }

    // NOTE(review): the result is dereferenced without a null check -
    // confirm caladdrToPrincipal cannot return null for an unknown address.
    final BwPrincipal grantee = caladdrToPrincipal(principalHref);

    final Acl reduced =
        removeAccess(current, grantee.getAccount(), grantee.getKind());
    if (reduced == null) {
      // Nothing was removed, so there is nothing to write back.
      return false;
    }

    getSvc().changeAccess(col, reduced.getAces(), true);

    if (col.getInternalAlias()) {
      final BwCalendar aliasTarget =
          getSvc().getCalendarsHandler().resolveAlias(col, false, false);

      if (aliasTarget == null) {
        // NOTE(review): col's ACL has already been rewritten at this point
        // yet false is returned - confirm callers do not read false as
        // "nothing changed".
        return false;
      }

      // The target's ACL is changed under the target owner's identity; the
      // finally block restores the previous identity on every path.
      pushPrincipal(aliasTarget.getOwnerHref());
      try {
        return removeAccess(aliasTarget, principalHref);
      } catch (final CalFacadeException cfe) {
        throw cfe;
      } catch (final Throwable t) {
        throw new CalFacadeException(t);
      } finally {
        popPrincipal();
      }
    }

    return true;
  } catch (final AccessException ae) {
    throw new CalFacadeException(ae);
  }
}
use of org.bedework.access.AccessException in project bw-calendar-engine by Bedework.
the class CalSuites method getResourcesDir.
/* ====================================================================
* Private methods
* =================================================================== */
/**
 * Returns the resource collection for a calendar suite and resource class,
 * creating it with a world-readable ACL if it does not exist yet.
 *
 * @param suite calendar suite the resources belong to
 * @param cl resource class; for {@code ResourceClass.calsuite} the new
 *        collection is owned by the suite owner, otherwise by the public user
 * @return the existing or newly created collection
 * @throws CalFacadeException if no resource path is defined for the suite and
 *         class, or an AccessException is raised while access is set
 */
private BwCalendar getResourcesDir(final BwCalSuite suite, final ResourceClass cl) throws CalFacadeException {
  final String path = getResourcesPath(suite, cl);
  if (path == null) {
    throw new CalFacadeException(CalFacadeException.noCalsuiteResCol);
  }

  final BwCalendar existing = getCols().get(path);
  if (existing != null) {
    return existing;
  }

  // The collection does not exist yet. Its name is the last path segment and
  // its parent is everything before the final "/".
  // NOTE(review): a path without "/" fails in the second substring below -
  // confirm getResourcesPath always returns a path with a parent.
  final int lastSlash = path.lastIndexOf("/");

  final BwCalendar fresh = new BwCalendar();
  fresh.setName(path.substring(lastSlash + 1));
  fresh.setSummary(fresh.getName());
  fresh.setCreatorHref(suite.getOwnerHref());

  // Suite-class resources belong to the suite owner, all others to the
  // public user.
  fresh.setOwnerHref(cl == ResourceClass.calsuite
                         ? suite.getOwnerHref()
                         : getPublicUser().getPrincipalRef());

  final String parentPath = path.substring(0, lastSlash);

  // NOTE(review): the collection is stored before its ACL is set. If
  // changeAccess fails it keeps whatever access add() gave it - confirm the
  // surrounding transaction rolls the add back.
  final BwCalendar created = getCols().add(fresh, parentPath);

  try {
    // The only entry written is read for everyone. Write access for the
    // suite owner presumably comes from ownership - confirm.
    final Collection<Privilege> readPrivs = new ArrayList<>();
    readPrivs.add(Access.read);

    final Collection<Ace> aces = new ArrayList<>();
    aces.add(Ace.makeAce(AceWho.all, readPrivs, null));

    getSvc().changeAccess(created, aces, true);
  } catch (final AccessException ae) {
    throw new CalFacadeException(ae);
  }

  return created;
}