
Example 1 with Acl

use of org.bedework.access.Acl in project bw-calendar-engine by Bedework.

the class CalSuites method validateGroup.

/**
 * Checks that an admin group can be attached to the given calendar suite,
 * attaches it, and resets the access that goes with that pairing.
 *
 * <p>Validation, in order: the name must not exceed
 * {@code BwCalSuite.maxNameLength}; the admin directory must know the group;
 * the group must not already be assigned to a different calendar suite; the
 * group's owner href must resolve to a principal; and a home must be found
 * for that principal.
 *
 * <p>Access written on success: one ACL is built and applied to both the
 * home and the calendar suite - all privileges for {@code AceWho.owner} and
 * for the group owner's account, read for authenticated users, and read for
 * {@code AceWho.all}. Its encoded form is also stored on the group owner as
 * category, location and contact access, after which the principal is
 * updated.
 *
 * <p>NOTE(review): the {@code AceWho.all} read entry presumably makes the
 * home and the suite readable without authentication - confirm that is
 * intended for every calendar suite.
 *
 * <p>NOTE(review): {@code cs.setGroup} runs before any access change, so a
 * failure further down leaves {@code cs} modified and the access possibly
 * half applied unless the caller rolls back - confirm.
 *
 * <p>NOTE(review): the {@code true} passed to {@code changeAccess} presumably
 * replaces the existing ACL rather than merging into it - confirm, since any
 * tighter entries already on the home would then be discarded.
 *
 * @param cs calendar suite the group is being attached to; its group is set
 *           as a side effect
 * @param groupName name of the admin group; dereferenced without a null check
 * @return home for the group
 * @throws CalFacadeException if any validation step fails, or wrapping an
 *         {@code AccessException} raised while building or applying the ACL
 */
private BwCalendar validateGroup(final BwCalSuite cs, final String groupName) throws CalFacadeException {
    if (groupName.length() > BwCalSuite.maxNameLength) {
        throw new CalFacadeException(CalFacadeException.calsuiteGroupNameTooLong);
    }

    final BwAdminGroup adminGroup = (BwAdminGroup) getSvc().getAdminDirectories().findGroup(groupName);
    if (adminGroup == null) {
        throw new CalFacadeException(CalFacadeException.groupNotFound, groupName);
    }

    // A group may back only one calendar suite.
    final BwCalSuiteWrapper assignedSuite = get(adminGroup);
    if (assignedSuite != null && !assignedSuite.equals(cs)) {
        throw new CalFacadeException(CalFacadeException.calsuiteGroupAssigned, assignedSuite.getName());
    }

    final BwPrincipal groupOwner = getPrincipal(adminGroup.getOwnerHref());
    if (groupOwner == null) {
        throw new CalFacadeException(CalFacadeException.calsuiteBadowner);
    }

    final BwCalendar ownerHome = getCols().getHomeDb(groupOwner, true);
    if (ownerHome == null) {
        throw new CalFacadeException(CalFacadeException.missingGroupOwnerHome);
    }

    cs.setGroup(adminGroup);

    // The events creator also owns the calsuite resources, so its home gets
    // the same ACL as the suite.
    final Collection<Privilege> fullPrivileges = new ArrayList<>();
    fullPrivileges.add(Access.all);

    final Collection<Privilege> readOnlyPrivileges = new ArrayList<>();
    readOnlyPrivileges.add(Access.read);

    final Collection<Ace> suiteAces = new ArrayList<>();

    try {
        suiteAces.add(Ace.makeAce(AceWho.owner, fullPrivileges, null));

        final AceWho groupOwnerWho = AceWho.getAceWho(groupOwner.getAccount(), WhoDefs.whoTypeUser, false);
        suiteAces.add(Ace.makeAce(groupOwnerWho, fullPrivileges, null));

        final AceWho authenticatedWho = AceWho.getAceWho(null, WhoDefs.whoTypeAuthenticated, false);
        suiteAces.add(Ace.makeAce(authenticatedWho, readOnlyPrivileges, null));

        suiteAces.add(Ace.makeAce(AceWho.all, readOnlyPrivileges, null));

        // Home first, then the calendar suite itself.
        getSvc().changeAccess(ownerHome, suiteAces, true);
        getSvc().changeAccess(cs, suiteAces, true);

        // Categories, locations and contacts take their default access from
        // the owning principal, so store the encoded ACL there as well.
        final String encodedAcl = new String(new Acl(suiteAces).encode());
        groupOwner.setCategoryAccess(encodedAcl);
        groupOwner.setLocationAccess(encodedAcl);
        groupOwner.setContactAccess(encodedAcl);
    } catch (final AccessException accessFailure) {
        throw new CalFacadeException(accessFailure);
    }

    getSvc().getUsersHandler().update(groupOwner);

    return ownerHome;
}
Also used : Ace(org.bedework.access.Ace) ArrayList(java.util.ArrayList) BwCalSuiteWrapper(org.bedework.calfacade.svc.wrappers.BwCalSuiteWrapper) BwCalendar(org.bedework.calfacade.BwCalendar) Acl(org.bedework.access.Acl) CalFacadeException(org.bedework.calfacade.exc.CalFacadeException) BwPrincipal(org.bedework.calfacade.BwPrincipal) AccessException(org.bedework.access.AccessException) BwAdminGroup(org.bedework.calfacade.svc.BwAdminGroup) Privilege(org.bedework.access.Privilege)

Example 2 with Acl

use of org.bedework.access.Acl in project bw-calendar-engine by Bedework.

the class Sharing method unpublish.

/**
 * Withdraws a collection from publication.
 *
 * <p>Refuses with {@code CalFacadeForbidden("Not published")} when the
 * collection is flagged public or carries no
 * {@code AppleServerTags.publishUrl} property. Otherwise the publish-url
 * property is dropped, the collection is updated, and - if removing the
 * {@code WhoDefs.whoTypeAll} entry produced an ACL - that ACL is applied.
 *
 * <p>NOTE(review): the publish-url property is removed and the collection
 * updated before the ACL change. If {@code changeAccess} fails and the
 * update is not rolled back, the collection no longer passes the check at
 * the top of this method while the entry for all may still be in its ACL -
 * confirm both steps run in one transaction.
 *
 * @param col collection to unpublish
 * @throws CalFacadeException {@code CalFacadeForbidden} if the collection is
 *         not published; any other {@code Throwable} from the update or the
 *         access change is wrapped
 */
@Override
public void unpublish(final BwCalendar col) throws CalFacadeException {
    if (col.getPublick()) {
        throw new CalFacadeForbidden("Not published");
    }
    if (col.getQproperty(AppleServerTags.publishUrl) == null) {
        throw new CalFacadeForbidden("Not published");
    }

    // ACL with the entry for "all" removed; a null result is taken to mean
    // there was nothing to remove, and the ACL is then left untouched.
    final Acl aclWithoutAll = removeAccess(col.getCurrentAccess().getAcl(), null, WhoDefs.whoTypeAll);

    // Drop the publish marker so the collection no longer counts as published.
    col.removeQproperty(AppleServerTags.publishUrl);

    try {
        getCols().update(col);

        if (aclWithoutAll != null) {
            getSvc().changeAccess(col, aclWithoutAll.getAces(), true);
        }
    } catch (final CalFacadeException passThrough) {
        throw passThrough;
    } catch (final Throwable other) {
        throw new CalFacadeException(other);
    }
}
Also used : CalFacadeForbidden(org.bedework.calfacade.exc.CalFacadeForbidden) Acl(org.bedework.access.Acl) CalFacadeException(org.bedework.calfacade.exc.CalFacadeException)

Example 3 with Acl

use of org.bedework.access.Acl in project bw-calendar-engine by Bedework.

the class Sharing method setAccess.

/**
 * Grants one sharee - or everyone - access to a collection by rebuilding its
 * ACL, then repeats the grant on the alias target when the collection is an
 * internal alias.
 *
 * <p>Any existing entries for the grantee and for the collection owner are
 * removed from the current ACL, and two entries are appended: the grantee
 * with {@code readPrivs} or {@code readWritePrivs} (chosen by
 * {@code ap.forRead}) and the owner with {@code allPrivs}. Those three
 * privilege collections are defined outside this method.
 *
 * <p>NOTE(review): when {@code ap.pr} is null the grantee is
 * {@code WhoDefs.whoTypeAll}, and the privilege is still selected by
 * {@code ap.forRead}. Nothing here stops a null principal combined with
 * {@code forRead == false} from granting {@code readWritePrivs} to all -
 * confirm callers always request read in that case.
 *
 * <p>NOTE(review): for an internal alias the recursive call runs after
 * {@code pushPrincipal(target.getOwnerHref())}, presumably under the target
 * owner's identity. Whether the original caller may change the target's ACL
 * has to be established before this point - confirm.
 *
 * @param col collection whose access is changed
 * @param ap describes the grantee ({@code pr}, null meaning all) and whether
 *           the grant is read-only ({@code forRead})
 * @throws CalFacadeException on failure; {@code AccessException} and any
 *         other {@code Throwable} from the recursive call are wrapped
 */
private void setAccess(final BwCalendar col, final AddPrincipal ap) throws CalFacadeException {
    try {
        final String whoHref;
        final int whoKind;
        if (ap.pr != null) {
            whoHref = ap.pr.getPrincipalRef();
            whoKind = ap.pr.getKind();
        } else {
            // No principal given: the grantee is everyone (whoTypeAll)
            whoHref = null;
            whoKind = WhoDefs.whoTypeAll;
        }
        Acl acl = col.getCurrentAccess().getAcl();
        final AceWho who = AceWho.getAceWho(whoHref, whoKind, false);
        // Privilege set depends only on ap.forRead, also when the grantee is all
        final Collection<Privilege> desiredPriv;
        if (ap.forRead) {
            desiredPriv = readPrivs;
        } else {
            desiredPriv = readWritePrivs;
        }
        /* Disabled earlier logic, kept for reference:

      boolean removeCurrentPrivs = false;

      for (Ace a: ainfo.acl.getAces()) {
        if (a.getWho().equals(who)) {
          if (a.getHow().equals(desiredPriv)) {
            // Already have that access
            return null;
          }

          removeCurrentPrivs = true;
        }
      }

      if (removeCurrentPrivs) {
        ainfo.acl = ainfo.acl.removeWho(who);
      }
      */
        // Drop any existing entry for the grantee; a null result from
        // removeWho leaves the ACL as it was.
        Acl removed = acl.removeWho(who);
        if (removed != null) {
            acl = removed;
        }
        // NOTE(review): owner is dereferenced without a null check - confirm
        // getPrincipal cannot return null for the collection's owner href.
        final BwPrincipal owner = getUsers().getPrincipal(col.getOwnerHref());
        final AceWho ownerWho = AceWho.getAceWho(owner.getAccount(), owner.getKind(), false);
        // Same for the owner's entry, which is re-added below with allPrivs
        removed = acl.removeWho(ownerWho);
        if (removed != null) {
            acl = removed;
        }
        // Remaining entries first, then the grantee, then the owner
        final Collection<Ace> aces = new ArrayList<>();
        aces.addAll(acl.getAces());
        aces.add(Ace.makeAce(who, desiredPriv, null));
        aces.add(Ace.makeAce(ownerWho, allPrivs, null));
        getSvc().changeAccess(col, aces, true);
        // Only an internal alias needs the grant repeated on its target
        if (!col.getInternalAlias()) {
            return;
        }
        final BwCalendar target = getSvc().getCalendarsHandler().resolveAlias(col, false, false);
        if (target != null) {
            /* Switch identity to the owner of the alias target, apply the
         * same grant to the target, and always restore the previous
         * identity afterwards.
         */
            pushPrincipal(target.getOwnerHref());
            try {
                setAccess(target, ap);
            } catch (final CalFacadeException cfe) {
                throw cfe;
            } catch (final Throwable t) {
                throw new CalFacadeException(t);
            } finally {
                popPrincipal();
            }
        }
    } catch (final AccessException ae) {
        throw new CalFacadeException(ae);
    }
}
Also used : Ace(org.bedework.access.Ace) ArrayList(java.util.ArrayList) Acl(org.bedework.access.Acl) BwCalendar(org.bedework.calfacade.BwCalendar) CalFacadeException(org.bedework.calfacade.exc.CalFacadeException) BwPrincipal(org.bedework.calfacade.BwPrincipal) AccessException(org.bedework.access.AccessException) AceWho(org.bedework.access.AceWho) Privilege(org.bedework.access.Privilege)

Example 4 with Acl

use of org.bedework.access.Acl in project bw-calendar-engine by Bedework.

the class Sharing method removeAccess.

/**
 * Removes a principal's access from a collection and, when the collection is
 * an internal alias, from the alias target as well.
 *
 * <p>NOTE(review): {@code false} is also returned when the alias target
 * cannot be resolved, although the ACL of {@code col} has already been
 * changed by then - callers cannot read {@code false} as "nothing changed".
 *
 * <p>NOTE(review): the result of {@code caladdrToPrincipal} is dereferenced
 * without a null check - confirm it cannot return null for an unknown
 * address.
 *
 * <p>NOTE(review): the recursive call runs after
 * {@code pushPrincipal(target.getOwnerHref())}, presumably under the target
 * owner's identity; the caller's right to change the target's ACL has to be
 * established before this point - confirm.
 *
 * @param col collection to remove access from
 * @param principalHref address of the principal losing access
 * @return {@code false} if the ACL has no entries, if the removal made no
 *         change, or if the alias target does not resolve; {@code true} if
 *         the ACL was changed and {@code col} is not an internal alias;
 *         otherwise the result of the same removal on the alias target
 * @throws CalFacadeException on failure; {@code AccessException} and any
 *         other {@code Throwable} from the recursive call are wrapped
 */
private boolean removeAccess(final BwCalendar col, final String principalHref) throws CalFacadeException {
    final Acl currentAcl = col.getCurrentAccess().getAcl();

    try {
        if (Util.isEmpty(currentAcl.getAces())) {
            return false;
        }

        final BwPrincipal sharee = caladdrToPrincipal(principalHref);
        final Acl reducedAcl = removeAccess(currentAcl, sharee.getAccount(), sharee.getKind());
        if (reducedAcl == null) {
            // Nothing was removed, so there is nothing to write back.
            return false;
        }

        getSvc().changeAccess(col, reducedAcl.getAces(), true);

        if (!col.getInternalAlias()) {
            return true;
        }

        final BwCalendar aliasTarget = getSvc().getCalendarsHandler().resolveAlias(col, false, false);
        if (aliasTarget == null) {
            return false;
        }

        // Act as the owner of the alias target for the nested removal and
        // restore the previous identity whatever the outcome.
        pushPrincipal(aliasTarget.getOwnerHref());
        try {
            return removeAccess(aliasTarget, principalHref);
        } catch (final CalFacadeException passThrough) {
            throw passThrough;
        } catch (final Throwable other) {
            throw new CalFacadeException(other);
        } finally {
            popPrincipal();
        }
    } catch (final AccessException accessFailure) {
        throw new CalFacadeException(accessFailure);
    }
}
Also used : BwPrincipal(org.bedework.calfacade.BwPrincipal) AccessException(org.bedework.access.AccessException) Acl(org.bedework.access.Acl) BwCalendar(org.bedework.calfacade.BwCalendar) CalFacadeException(org.bedework.calfacade.exc.CalFacadeException)

Example 5 with Acl

use of org.bedework.access.Acl in project bw-calendar-engine by Bedework.

the class AccessUtil method getAclChars.

/* ====================================================================
   *                   Private methods
   * ==================================================================== */
/* Returns the encoded ACL that applies to an entity.
   *
   * If the entity is not a collection we merge the access in with the container
   * access then return the merged aces. We do this because we call getPathInfo
   * with a collection entity. That method will recurse up to the root.
   *
   * For a calendar we just use the access for the calendar.
   *
   * The calendar/container access might be cached in the pathInfoTable.
   *
   * Entities that are event properties, or that are not contained entities,
   * take the second path: a default held on the owning principal (category,
   * location or contact access) is merged with the entity's own access.
   *
   * Returns null when a contained entity has no container.
   * NOTE(review): callers presumably have to treat that null as "no access"
   * rather than "unrestricted" - confirm.
   *
   * Throws CalFacadeException when a collection with no parent has no access
   * set, or wrapping any Throwable raised while decoding or merging.
   */
private char[] getAclChars(final BwShareableDbentity<?> ent) throws CalFacadeException {
    if ((!(ent instanceof BwEventProperty)) && (ent instanceof BwShareableContainedDbentity)) {
        // A collection is its own container; anything else uses its parent
        BwCalendar container;
        if (ent instanceof BwCalendar) {
            container = (BwCalendar) ent;
        } else {
            container = getParent((BwShareableContainedDbentity<?>) ent);
        }
        if (container == null) {
            return null;
        }
        final String path = container.getPath();
        // Unchecked cast: a container that is not a CalendarWrapper fails here
        CalendarWrapper wcol = (CalendarWrapper) container;
        String aclStr;
        char[] aclChars = null;
        /* Get access for the parent first if we have one */
        BwCalendar parent = getParent(wcol);
        if (parent != null) {
            // Recurse towards the root, merging this collection's own access
            // with what the parent yields
            aclStr = new String(merged(getAclChars(parent), parent.getPath(), wcol.getAccess()));
        } else if (wcol.getAccess() != null) {
            aclStr = wcol.getAccess();
        } else {
            // At root
            throw new CalFacadeException("Collections must have default access set at root");
        }
        if (aclStr != null) {
            aclChars = aclStr.toCharArray();
        }
        if (ent instanceof BwCalendar) {
            return aclChars;
        }
        // Non-collection entity: merge its own access with the container's
        return merged(aclChars, path, ent.getAccess());
    }
    /* This is a way of making other objects sort of shareable.
     * The objects are locations, sponsors and categories.
     * (also calsuite)
     *
     * We store the default access in the owner principal and manipulate that to give
     * us some degree of sharing.
     *
     * In effect, the owner becomes the container for the object.
     */
    String aclString = null;
    String entAccess = ent.getAccess();
    // NOTE(review): owner is dereferenced below without a null check -
    // confirm getPrincipal cannot return null for the entity's owner href.
    BwPrincipal owner = (BwPrincipal) cb.getPrincipal(ent.getOwnerHref());
    // Only these three types read a default from the owner; for any other
    // type aclString stays null.
    if (ent instanceof BwCategory) {
        aclString = owner.getCategoryAccess();
    } else if (ent instanceof BwLocation) {
        aclString = owner.getLocationAccess();
    } else if (ent instanceof BwContact) {
        aclString = owner.getContactAccess();
    }
    if (aclString == null) {
        // No owner default: use the entity's own access, else the built-in
        // public or personal default
        if (entAccess == null) {
            if (ent.getPublick()) {
                return Access.getDefaultPublicAccess().toCharArray();
            }
            return Access.getDefaultPersonalAccess().toCharArray();
        }
        return entAccess.toCharArray();
    }
    if (entAccess == null) {
        // Owner default only
        return aclString.toCharArray();
    }
    try {
        // Both present: decode the entity's access and merge the owner
        // default into it under the path "/owner"
        Acl acl = Acl.decode(entAccess.toCharArray());
        acl = acl.merge(aclString.toCharArray(), "/owner");
        return acl.getEncoded();
    } catch (Throwable t) {
        throw new CalFacadeException(t);
    }
}
Also used : BwLocation(org.bedework.calfacade.BwLocation) BwShareableContainedDbentity(org.bedework.calfacade.base.BwShareableContainedDbentity) BwCategory(org.bedework.calfacade.BwCategory) BwEventProperty(org.bedework.calfacade.BwEventProperty) BwCalendar(org.bedework.calfacade.BwCalendar) BwContact(org.bedework.calfacade.BwContact) Acl(org.bedework.access.Acl) CalFacadeException(org.bedework.calfacade.exc.CalFacadeException) BwPrincipal(org.bedework.calfacade.BwPrincipal) CalendarWrapper(org.bedework.calfacade.wrappers.CalendarWrapper)
