use of org.bedework.access.Acl in project bw-calendar-engine by Bedework.
the class CalSuites method validateGroup.
/**
* Ensure the given group is valid for the given calendar suite
*
* @param cs
* @param groupName
* @return home for the group
* @throws CalFacadeException
*/
private BwCalendar validateGroup(final BwCalSuite cs, final String groupName) throws CalFacadeException {
if (groupName.length() > BwCalSuite.maxNameLength) {
throw new CalFacadeException(CalFacadeException.calsuiteGroupNameTooLong);
}
BwAdminGroup agrp = (BwAdminGroup) getSvc().getAdminDirectories().findGroup(groupName);
if (agrp == null) {
throw new CalFacadeException(CalFacadeException.groupNotFound, groupName);
}
final BwCalSuiteWrapper csw = get(agrp);
if ((csw != null) && !csw.equals(cs)) {
// Group already assigned to another cal suite
throw new CalFacadeException(CalFacadeException.calsuiteGroupAssigned, csw.getName());
}
final BwPrincipal eventsOwner = getPrincipal(agrp.getOwnerHref());
if (eventsOwner == null) {
throw new CalFacadeException(CalFacadeException.calsuiteBadowner);
}
final BwCalendar home = getCols().getHomeDb(eventsOwner, true);
if (home == null) {
throw new CalFacadeException(CalFacadeException.missingGroupOwnerHome);
}
cs.setGroup(agrp);
/* Change access on the home for the events creator which is also the
* owner of the calsuite resources.
*/
final Collection<Privilege> allPrivs = new ArrayList<>();
allPrivs.add(Access.all);
final Collection<Privilege> readPrivs = new ArrayList<>();
readPrivs.add(Access.read);
final Collection<Ace> aces = new ArrayList<>();
try {
aces.add(Ace.makeAce(AceWho.owner, allPrivs, null));
aces.add(Ace.makeAce(AceWho.getAceWho(eventsOwner.getAccount(), WhoDefs.whoTypeUser, false), allPrivs, null));
aces.add(Ace.makeAce(AceWho.getAceWho(null, WhoDefs.whoTypeAuthenticated, false), readPrivs, null));
aces.add(Ace.makeAce(AceWho.all, readPrivs, null));
getSvc().changeAccess(home, aces, true);
/* Same access to the calsuite itself */
getSvc().changeAccess(cs, aces, true);
/* Also set access so that categories, locations etc are readable */
final String aclStr = new String(new Acl(aces).encode());
eventsOwner.setCategoryAccess(aclStr);
eventsOwner.setLocationAccess(aclStr);
eventsOwner.setContactAccess(aclStr);
} catch (final AccessException ae) {
throw new CalFacadeException(ae);
}
getSvc().getUsersHandler().update(eventsOwner);
return home;
}
use of org.bedework.access.Acl in project bw-calendar-engine by Bedework.
the class Sharing method unpublish.
@Override
public void unpublish(final BwCalendar col) throws CalFacadeException {
if (col.getPublick() || (col.getQproperty(AppleServerTags.publishUrl) == null)) {
throw new CalFacadeForbidden("Not published");
}
/* Remove access to all */
final Acl acl = removeAccess(col.getCurrentAccess().getAcl(), null, WhoDefs.whoTypeAll);
// Mark the collection as published
col.removeQproperty(AppleServerTags.publishUrl);
try {
getCols().update(col);
if (acl != null) {
getSvc().changeAccess(col, acl.getAces(), true);
}
} catch (final CalFacadeException cfe) {
throw cfe;
} catch (final Throwable t) {
throw new CalFacadeException(t);
}
}
use of org.bedework.access.Acl in project bw-calendar-engine by Bedework.
the class Sharing method setAccess.
private void setAccess(final BwCalendar col, final AddPrincipal ap) throws CalFacadeException {
try {
final String whoHref;
final int whoKind;
if (ap.pr != null) {
whoHref = ap.pr.getPrincipalRef();
whoKind = ap.pr.getKind();
} else {
// Read to all
whoHref = null;
whoKind = WhoDefs.whoTypeAll;
}
Acl acl = col.getCurrentAccess().getAcl();
final AceWho who = AceWho.getAceWho(whoHref, whoKind, false);
final Collection<Privilege> desiredPriv;
if (ap.forRead) {
desiredPriv = readPrivs;
} else {
desiredPriv = readWritePrivs;
}
/*
boolean removeCurrentPrivs = false;
for (Ace a: ainfo.acl.getAces()) {
if (a.getWho().equals(who)) {
if (a.getHow().equals(desiredPriv)) {
// Already have that access
return null;
}
removeCurrentPrivs = true;
}
}
if (removeCurrentPrivs) {
ainfo.acl = ainfo.acl.removeWho(who);
}
*/
Acl removed = acl.removeWho(who);
if (removed != null) {
acl = removed;
}
final BwPrincipal owner = getUsers().getPrincipal(col.getOwnerHref());
final AceWho ownerWho = AceWho.getAceWho(owner.getAccount(), owner.getKind(), false);
removed = acl.removeWho(ownerWho);
if (removed != null) {
acl = removed;
}
final Collection<Ace> aces = new ArrayList<>();
aces.addAll(acl.getAces());
aces.add(Ace.makeAce(who, desiredPriv, null));
aces.add(Ace.makeAce(ownerWho, allPrivs, null));
getSvc().changeAccess(col, aces, true);
if (!col.getInternalAlias()) {
return;
}
final BwCalendar target = getSvc().getCalendarsHandler().resolveAlias(col, false, false);
if (target != null) {
/* Switch identity to the sharee then reget the handler
* and do the share
*/
pushPrincipal(target.getOwnerHref());
try {
setAccess(target, ap);
} catch (final CalFacadeException cfe) {
throw cfe;
} catch (final Throwable t) {
throw new CalFacadeException(t);
} finally {
popPrincipal();
}
}
} catch (final AccessException ae) {
throw new CalFacadeException(ae);
}
}
use of org.bedework.access.Acl in project bw-calendar-engine by Bedework.
the class Sharing method removeAccess.
private boolean removeAccess(final BwCalendar col, final String principalHref) throws CalFacadeException {
Acl acl = col.getCurrentAccess().getAcl();
try {
if (Util.isEmpty(acl.getAces())) {
return false;
}
final BwPrincipal pr = caladdrToPrincipal(principalHref);
acl = removeAccess(acl, pr.getAccount(), pr.getKind());
if (acl == null) {
// no change
return false;
}
getSvc().changeAccess(col, acl.getAces(), true);
if (!col.getInternalAlias()) {
return true;
}
final BwCalendar target = getSvc().getCalendarsHandler().resolveAlias(col, false, false);
if (target == null) {
return false;
}
/* Switch identity to the sharee then reget the handler
* and do the share
*/
pushPrincipal(target.getOwnerHref());
try {
return removeAccess(target, principalHref);
} catch (final CalFacadeException cfe) {
throw cfe;
} catch (final Throwable t) {
throw new CalFacadeException(t);
} finally {
popPrincipal();
}
} catch (final AccessException ae) {
throw new CalFacadeException(ae);
}
}
use of org.bedework.access.Acl in project bw-calendar-engine by Bedework.
the class AccessUtil method getAclChars.
/* ====================================================================
* Private methods
* ==================================================================== */
/* If the entity is not a collection we merge the access in with the container
* access then return the merged aces. We do this because we call getPathInfo
* with a collection entity. That method will recurse up to the root.
*
* For a calendar we just use the access for the calendar.
*
* The calendar/container access might be cached in the pathInfoTable.
*/
private char[] getAclChars(final BwShareableDbentity<?> ent) throws CalFacadeException {
if ((!(ent instanceof BwEventProperty)) && (ent instanceof BwShareableContainedDbentity)) {
BwCalendar container;
if (ent instanceof BwCalendar) {
container = (BwCalendar) ent;
} else {
container = getParent((BwShareableContainedDbentity<?>) ent);
}
if (container == null) {
return null;
}
final String path = container.getPath();
CalendarWrapper wcol = (CalendarWrapper) container;
String aclStr;
char[] aclChars = null;
/* Get access for the parent first if we have one */
BwCalendar parent = getParent(wcol);
if (parent != null) {
aclStr = new String(merged(getAclChars(parent), parent.getPath(), wcol.getAccess()));
} else if (wcol.getAccess() != null) {
aclStr = wcol.getAccess();
} else {
// At root
throw new CalFacadeException("Collections must have default access set at root");
}
if (aclStr != null) {
aclChars = aclStr.toCharArray();
}
if (ent instanceof BwCalendar) {
return aclChars;
}
return merged(aclChars, path, ent.getAccess());
}
/* This is a way of making other objects sort of shareable.
* The objects are locations, sponsors and categories.
* (also calsuite)
*
* We store the default access in the owner principal and manipulate that to give
* us some degree of sharing.
*
* In effect, the owner becomes the container for the object.
*/
String aclString = null;
String entAccess = ent.getAccess();
BwPrincipal owner = (BwPrincipal) cb.getPrincipal(ent.getOwnerHref());
if (ent instanceof BwCategory) {
aclString = owner.getCategoryAccess();
} else if (ent instanceof BwLocation) {
aclString = owner.getLocationAccess();
} else if (ent instanceof BwContact) {
aclString = owner.getContactAccess();
}
if (aclString == null) {
if (entAccess == null) {
if (ent.getPublick()) {
return Access.getDefaultPublicAccess().toCharArray();
}
return Access.getDefaultPersonalAccess().toCharArray();
}
return entAccess.toCharArray();
}
if (entAccess == null) {
return aclString.toCharArray();
}
try {
Acl acl = Acl.decode(entAccess.toCharArray());
acl = acl.merge(aclString.toCharArray(), "/owner");
return acl.getEncoded();
} catch (Throwable t) {
throw new CalFacadeException(t);
}
}
Aggregations