
Example 1 with AccessException

use of org.bedework.access.AccessException in project bw-calendar-engine by Bedework.

the class CalSuites method validateGroup.

/**
 * Checks that the named admin group may be attached to the given calendar
 * suite, attaches it, and resets access on the group owner's home collection
 * and on the suite itself.
 *
 * <p>The same ACE list is applied to the home and to the suite: all privileges
 * for the owner and for the group owner's user account, read for authenticated
 * principals and read for {@code AceWho.all}. The encoded form of that ACL is
 * also stored as the group owner's category, location and contact access.
 *
 * <p>NOTE(review): {@code cs} and the stored ACLs are modified step by step and
 * nothing in this method undoes an earlier step when a later one throws;
 * whether an enclosing transaction does so is not visible here.
 *
 * @param cs calendar suite the group is attached to; its group is set here
 * @param groupName admin group name; dereferenced without a null check
 * @return home collection of the group's owner
 * @throws CalFacadeException if the name is too long, the group is unknown or
 *         already belongs to a different suite, the group owner or its home
 *         cannot be found, or building or applying the ACL fails
 */
private BwCalendar validateGroup(final BwCalSuite cs, final String groupName) throws CalFacadeException {
    if (groupName.length() > BwCalSuite.maxNameLength) {
        throw new CalFacadeException(CalFacadeException.calsuiteGroupNameTooLong);
    }

    final BwAdminGroup adminGroup = (BwAdminGroup) getSvc().getAdminDirectories().findGroup(groupName);
    if (adminGroup == null) {
        throw new CalFacadeException(CalFacadeException.groupNotFound, groupName);
    }

    // Refuse a group that a different suite already uses.
    final BwCalSuiteWrapper currentSuite = get(adminGroup);
    if (currentSuite != null && !currentSuite.equals(cs)) {
        throw new CalFacadeException(CalFacadeException.calsuiteGroupAssigned, currentSuite.getName());
    }

    final BwPrincipal groupOwner = getPrincipal(adminGroup.getOwnerHref());
    if (groupOwner == null) {
        throw new CalFacadeException(CalFacadeException.calsuiteBadowner);
    }

    final BwCalendar ownerHome = getCols().getHomeDb(groupOwner, true);
    if (ownerHome == null) {
        throw new CalFacadeException(CalFacadeException.missingGroupOwnerHome);
    }

    cs.setGroup(adminGroup);

    // The events creator also owns the calsuite resources, so its home gets the
    // access list built below.
    final Collection<Privilege> fullAccess = new ArrayList<>();
    fullAccess.add(Access.all);

    final Collection<Privilege> readOnly = new ArrayList<>();
    readOnly.add(Access.read);

    final Collection<Ace> entries = new ArrayList<>();

    try {
        entries.add(Ace.makeAce(AceWho.owner, fullAccess, null));

        final AceWho ownerAccount = AceWho.getAceWho(groupOwner.getAccount(), WhoDefs.whoTypeUser, false);
        entries.add(Ace.makeAce(ownerAccount, fullAccess, null));

        final AceWho anyAuthenticated = AceWho.getAceWho(null, WhoDefs.whoTypeAuthenticated, false);
        entries.add(Ace.makeAce(anyAuthenticated, readOnly, null));

        // NOTE(review): AceWho.all presumably also matches unauthenticated
        // callers, which would make the home and the suite publicly readable.
        // Confirm that is intended for every suite created through this path.
        entries.add(Ace.makeAce(AceWho.all, readOnly, null));

        // The third argument presumably asks for the existing ACL to be replaced
        // rather than merged; its meaning is not visible from this method.
        getSvc().changeAccess(ownerHome, entries, true);

        // The suite gets exactly the same access as the home.
        getSvc().changeAccess(cs, entries, true);

        // Categories, locations and contacts of the group owner are made
        // readable through the same encoded ACL.
        final String encodedAcl = new String(new Acl(entries).encode());
        groupOwner.setCategoryAccess(encodedAcl);
        groupOwner.setLocationAccess(encodedAcl);
        groupOwner.setContactAccess(encodedAcl);
    } catch (final AccessException ae) {
        throw new CalFacadeException(ae);
    }

    getSvc().getUsersHandler().update(groupOwner);

    return ownerHome;
}
Also used : Ace(org.bedework.access.Ace) ArrayList(java.util.ArrayList) BwCalSuiteWrapper(org.bedework.calfacade.svc.wrappers.BwCalSuiteWrapper) BwCalendar(org.bedework.calfacade.BwCalendar) Acl(org.bedework.access.Acl) CalFacadeException(org.bedework.calfacade.exc.CalFacadeException) BwPrincipal(org.bedework.calfacade.BwPrincipal) AccessException(org.bedework.access.AccessException) BwAdminGroup(org.bedework.calfacade.svc.BwAdminGroup) Privilege(org.bedework.access.Privilege)

Example 2 with AccessException

use of org.bedework.access.AccessException in project bw-calendar-engine by Bedework.

the class Sharing method setAccess.

/**
 * Gives one principal, or everyone, read or read-write access on a collection
 * and, when the collection is an internal alias, applies the same change to the
 * collection the alias resolves to.
 *
 * <p>The new ACL keeps the existing ACEs except those for the grantee and for
 * the collection owner, then adds one ACE for the grantee with the requested
 * privileges and one for the owner with {@code allPrivs}.
 * {@code readPrivs}, {@code readWritePrivs} and {@code allPrivs} are not
 * declared in this method; presumably they are fields of the enclosing class.
 *
 * <p>NOTE(review): the method recurses along alias targets with no depth or
 * cycle guard of its own; whether {@code resolveAlias} prevents alias loops is
 * not visible here.
 *
 * @param col collection whose ACL is rewritten
 * @param ap grantee description: {@code ap.pr} is the principal (null means
 *        everyone) and {@code ap.forRead} selects read over read-write
 * @throws CalFacadeException on any access error, or wrapping any other
 *         throwable raised while updating the alias target
 */
private void setAccess(final BwCalendar col, final AddPrincipal ap) throws CalFacadeException {
    try {
        final String whoHref;
        final int whoKind;
        if (ap.pr != null) {
            whoHref = ap.pr.getPrincipalRef();
            whoKind = ap.pr.getKind();
        } else {
            // No principal supplied: the ACE is addressed to everyone.
            // NOTE(review): the privilege is still chosen from ap.forRead below,
            // so a null ap.pr combined with forRead == false would give
            // read-write to everyone. Confirm that callers never pass that
            // combination, or reject it here.
            whoHref = null;
            whoKind = WhoDefs.whoTypeAll;
        }
        Acl acl = col.getCurrentAccess().getAcl();
        final AceWho who = AceWho.getAceWho(whoHref, whoKind, false);
        final Collection<Privilege> desiredPriv;
        if (ap.forRead) {
            desiredPriv = readPrivs;
        } else {
            desiredPriv = readWritePrivs;
        }
        /* Disabled earlier implementation, kept for reference. It refers to an
         * `ainfo` object and returns a value, neither of which matches the
         * current method, so it cannot simply be re-enabled.

      boolean removeCurrentPrivs = false;

      for (Ace a: ainfo.acl.getAces()) {
        if (a.getWho().equals(who)) {
          if (a.getHow().equals(desiredPriv)) {
            // Already have that access
            return null;
          }

          removeCurrentPrivs = true;
        }
      }

      if (removeCurrentPrivs) {
        ainfo.acl = ainfo.acl.removeWho(who);
      }
      */
        // Drop any existing ACE for the grantee so the new one replaces it
        // instead of adding to it. A null result is treated as "nothing was
        // removed" and the current ACL is kept.
        Acl removed = acl.removeWho(who);
        if (removed != null) {
            acl = removed;
        }
        // NOTE(review): owner is dereferenced without a null check; an owner
        // href that resolves to no principal would fail here with a
        // NullPointerException rather than a CalFacadeException.
        final BwPrincipal owner = getUsers().getPrincipal(col.getOwnerHref());
        final AceWho ownerWho = AceWho.getAceWho(owner.getAccount(), owner.getKind(), false);
        // Same replacement for the owner's ACE, which is re-added with allPrivs.
        removed = acl.removeWho(ownerWho);
        if (removed != null) {
            acl = removed;
        }
        // Remaining ACEs first, then the grantee, then the owner.
        final Collection<Ace> aces = new ArrayList<>();
        aces.addAll(acl.getAces());
        aces.add(Ace.makeAce(who, desiredPriv, null));
        aces.add(Ace.makeAce(ownerWho, allPrivs, null));
        getSvc().changeAccess(col, aces, true);
        if (!col.getInternalAlias()) {
            return;
        }
        final BwCalendar target = getSvc().getCalendarsHandler().resolveAlias(col, false, false);
        if (target != null) {
            /* Switch identity to the owner of the alias target and apply the
             * same change to the target. The push happens before the inner try
             * and the pop is in finally, so the previous identity is restored
             * on every exit once the switch has been made.
             * NOTE(review): this runs the ACL change as a different principal;
             * confirm the caller is authorised for it before this method is
             * reached.
             */
            pushPrincipal(target.getOwnerHref());
            try {
                setAccess(target, ap);
            } catch (final CalFacadeException cfe) {
                throw cfe;
            } catch (final Throwable t) {
                // Everything else, including runtime exceptions and errors, is
                // wrapped so callers only see CalFacadeException.
                throw new CalFacadeException(t);
            } finally {
                popPrincipal();
            }
        }
    } catch (final AccessException ae) {
        throw new CalFacadeException(ae);
    }
}
Also used : Ace(org.bedework.access.Ace) ArrayList(java.util.ArrayList) Acl(org.bedework.access.Acl) BwCalendar(org.bedework.calfacade.BwCalendar) CalFacadeException(org.bedework.calfacade.exc.CalFacadeException) BwPrincipal(org.bedework.calfacade.BwPrincipal) AccessException(org.bedework.access.AccessException) AceWho(org.bedework.access.AceWho) Privilege(org.bedework.access.Privilege)

Example 3 with AccessException

use of org.bedework.access.AccessException in project bw-calendar-engine by Bedework.

the class Sharing method removeAccess.

/**
 * Removes a principal's access from a collection and, when the collection is
 * an internal alias, repeats the removal on the collection the alias resolves
 * to while running as that target's owner.
 *
 * <p>NOTE(review): when the alias target cannot be resolved the method returns
 * {@code false} although the ACL of {@code col} has already been changed, so a
 * {@code false} result does not always mean "nothing was modified". The
 * recursion along alias targets has no depth or cycle guard of its own.
 *
 * @param col collection whose ACL is updated
 * @param principalHref address of the principal losing access; it is resolved
 *        with {@code caladdrToPrincipal} and the result is dereferenced without
 *        a null check
 * @return {@code false} if the ACL is empty, the removal changed nothing or the
 *         alias target is missing; {@code true} after updating a non-alias
 *         collection; otherwise the result for the alias target
 * @throws CalFacadeException on any access error, or wrapping any other
 *         throwable raised while updating the alias target
 */
private boolean removeAccess(final BwCalendar col, final String principalHref) throws CalFacadeException {
    final Acl currentAcl = col.getCurrentAccess().getAcl();

    try {
        if (Util.isEmpty(currentAcl.getAces())) {
            return false;
        }

        final BwPrincipal principal = caladdrToPrincipal(principalHref);

        // The three-argument overload yields null when the ACL is left unchanged.
        final Acl reducedAcl = removeAccess(currentAcl, principal.getAccount(), principal.getKind());
        if (reducedAcl == null) {
            return false;
        }

        getSvc().changeAccess(col, reducedAcl.getAces(), true);

        if (col.getInternalAlias()) {
            final BwCalendar aliasTarget = getSvc().getCalendarsHandler().resolveAlias(col, false, false);
            if (aliasTarget == null) {
                return false;
            }

            // Run the removal on the target as the target's owner. The switch is
            // made before the inner try and undone in finally, so the previous
            // identity is restored on every exit.
            pushPrincipal(aliasTarget.getOwnerHref());
            try {
                return removeAccess(aliasTarget, principalHref);
            } catch (final CalFacadeException cfe) {
                throw cfe;
            } catch (final Throwable t) {
                throw new CalFacadeException(t);
            } finally {
                popPrincipal();
            }
        }

        return true;
    } catch (final AccessException ae) {
        throw new CalFacadeException(ae);
    }
}
Also used : BwPrincipal(org.bedework.calfacade.BwPrincipal) AccessException(org.bedework.access.AccessException) Acl(org.bedework.access.Acl) BwCalendar(org.bedework.calfacade.BwCalendar) CalFacadeException(org.bedework.calfacade.exc.CalFacadeException)

Example 4 with AccessException

use of org.bedework.access.AccessException in project bw-calendar-engine by Bedework.

the class CalSuites method getResourcesDir.

/* ====================================================================
   *                   Private methods
   *  =================================================================== */
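/**
 * Returns the resource collection for a calendar suite and resource class,
 * creating it when it does not exist yet.
 *
 * <p>A newly created collection is named after the last path segment, is owned
 * by the suite owner for {@code ResourceClass.calsuite} and by the public user
 * otherwise, and receives a single ACE giving read access to
 * {@code AceWho.all}.
 *
 * <p>NOTE(review): the collection is added before its ACL is set. If
 * {@code changeAccess} fails, the collection keeps whatever access
 * {@code getCols().add} gave it unless an enclosing transaction rolls the
 * addition back; neither is visible from this method.
 *
 * @param suite calendar suite the resources belong to
 * @param cl resource class selecting which collection is wanted
 * @return the existing or newly created resource collection
 * @throws CalFacadeException if no resource path is configured, the path
 *         contains no {@code "/"} separator, or setting access fails
 */
private BwCalendar getResourcesDir(final BwCalSuite suite, final ResourceClass cl) throws CalFacadeException {
    final String path = getResourcesPath(suite, cl);
    if (path == null) {
        throw new CalFacadeException(CalFacadeException.noCalsuiteResCol);
    }

    final BwCalendar existing = getCols().get(path);
    if (existing != null) {
        return existing;
    }

    // Split the path once into parent and leaf. Without a separator there is no
    // parent to add the collection to, and substring(0, -1) would fail with an
    // unchecked StringIndexOutOfBoundsException, so report it as a facade error.
    final int lastSlash = path.lastIndexOf('/');
    if (lastSlash < 0) {
        throw new CalFacadeException(CalFacadeException.noCalsuiteResCol, path);
    }
    final String parentPath = path.substring(0, lastSlash);

    BwCalendar resCol = new BwCalendar();
    resCol.setName(path.substring(lastSlash + 1));
    resCol.setSummary(resCol.getName());
    resCol.setCreatorHref(suite.getOwnerHref());

    if (cl == ResourceClass.calsuite) {
        // Suite-specific resources are owned by the suite.
        resCol.setOwnerHref(suite.getOwnerHref());
    } else {
        resCol.setOwnerHref(getPublicUser().getPrincipalRef());
    }

    resCol = getCols().add(resCol, parentPath);

    try {
        // All resource collections are world readable. No write ACE is added
        // here; the suite owner's write access to the calsuite collection
        // presumably comes from owning it - confirm.
        final Collection<Privilege> readPrivs = new ArrayList<>();
        readPrivs.add(Access.read);

        final Collection<Ace> aces = new ArrayList<>();
        aces.add(Ace.makeAce(AceWho.all, readPrivs, null));

        getSvc().changeAccess(resCol, aces, true);
    } catch (final AccessException ae) {
        throw new CalFacadeException(ae);
    }

    return resCol;
}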
Also used : Ace(org.bedework.access.Ace) AccessException(org.bedework.access.AccessException) ArrayList(java.util.ArrayList) BwCalendar(org.bedework.calfacade.BwCalendar) Privilege(org.bedework.access.Privilege) CalFacadeException(org.bedework.calfacade.exc.CalFacadeException)

Aggregations

AccessException (org.bedework.access.AccessException)4 BwCalendar (org.bedework.calfacade.BwCalendar)4 CalFacadeException (org.bedework.calfacade.exc.CalFacadeException)4 ArrayList (java.util.ArrayList)3 Ace (org.bedework.access.Ace)3 Acl (org.bedework.access.Acl)3 Privilege (org.bedework.access.Privilege)3 BwPrincipal (org.bedework.calfacade.BwPrincipal)3 AceWho (org.bedework.access.AceWho)1 BwAdminGroup (org.bedework.calfacade.svc.BwAdminGroup)1 BwCalSuiteWrapper (org.bedework.calfacade.svc.wrappers.BwCalSuiteWrapper)1