Example 1 with CurrentAccess
use of org.bedework.access.Acl.CurrentAccess in project bw-calendar-engine by Bedework.
the class Events method processExpanded.
private Collection<EventInfo> processExpanded(final Collection<EventInfo> events, final RecurringRetrievalMode recurRetrieval) throws CalFacadeException {
Collection<EventInfo> res = new ArrayList<>();
for (EventInfo ei : events) {
BwEvent ev = ei.getEvent();
if (!ev.getRecurring()) {
res.add(ei);
continue;
}
CurrentAccess ca = ei.getCurrentAccess();
Set<EventInfo> oveis = ei.getOverrides();
if (!Util.isEmpty(oveis)) {
for (EventInfo oei : oveis) {
if (oei.getEvent().inDateTimeRange(recurRetrieval.start.getDate(), recurRetrieval.end.getDate())) {
oei.setRetrievedEvent(ei);
res.add(oei);
}
}
}
/* Generate non-overridden instances. */
final Collection<Recurrence> instances = RecurUtil.getRecurrences(ei, getAuthpars().getMaxYears(), getAuthpars().getMaxInstances(), recurRetrieval.getStartDate(), recurRetrieval.getEndDate());
if (instances == null) {
return res;
}
for (final Recurrence rec : instances) {
if (rec.override != null) {
continue;
}
final BwEventAnnotation ann = new BwEventAnnotation();
ann.setDtstart(rec.start);
ann.setDtend(rec.end);
ann.setRecurrenceId(rec.recurrenceId);
ann.setOwnerHref(ev.getOwnerHref());
// Call it an override
ann.setOverride(true);
ann.setTombstoned(false);
ann.setName(ev.getName());
ann.setUid(ev.getUid());
ann.setTarget(ev);
ann.setMaster(ev);
final BwEvent proxy = new BwEventProxy(ann);
final EventInfo oei = new EventInfo(proxy);
oei.setCurrentAccess(ei.getCurrentAccess());
oei.setRetrievedEvent(ei);
res.add(oei);
}
}
return res;
}
Also used :
Recurrence(org.bedework.icalendar.RecurUtil.Recurrence)
CoreEventInfo(org.bedework.calcorei.CoreEventInfo)
EventInfo(org.bedework.calfacade.svc.EventInfo)
BwEventAnnotation(org.bedework.calfacade.BwEventAnnotation)
ArrayList(java.util.ArrayList)
BwEvent(org.bedework.calfacade.BwEvent)
CurrentAccess(org.bedework.access.Acl.CurrentAccess)
BwEventProxy(org.bedework.calfacade.BwEventProxy)
Example 2 with CurrentAccess
use of org.bedework.access.Acl.CurrentAccess in project bw-calendar-engine by Bedework.
the class AccessUtil method checkAccess.
@Override
public CurrentAccess checkAccess(final BwShareableDbentity<?> ent, final int desiredAccess, final boolean alwaysReturnResult) throws CalFacadeException {
if (ent == null) {
return null;
}
if (ent instanceof CalendarWrapper) {
final CalendarWrapper col = (CalendarWrapper) ent;
final CurrentAccess ca = col.getCurrentAccess(desiredAccess);
if (ca != null) {
if (debug) {
debug("Access " + desiredAccess + " already checked for " + cb.getPrincipal().getPrincipalRef() + " and allowed=" + ca.getAccessAllowed());
}
if (!ca.getAccessAllowed() && !alwaysReturnResult) {
throw new CalFacadeAccessException();
}
return ca;
}
}
if (debug) {
final String cname = ent.getClass().getName();
final String ident;
if (ent instanceof BwCalendar) {
ident = ((BwCalendar) ent).getPath();
} else {
ident = String.valueOf(ent.getId());
}
debug("Check access by " + cb.getPrincipal().getPrincipalRef() + " for object " + cname.substring(cname.lastIndexOf(".") + 1) + " ident=" + ident + " desiredAccess = " + desiredAccess);
}
try {
final long startTime = System.currentTimeMillis();
CurrentAccess ca = null;
final AccessPrincipal owner = cb.getPrincipal(ent.getOwnerHref());
if (debug) {
debug("After getPrincipal - took: " + (System.currentTimeMillis() - startTime));
}
if (owner == null) {
error("Principal(owner) " + ent.getOwnerHref() + " does not exist");
if (!alwaysReturnResult) {
throw new CalFacadeAccessException();
}
return new CurrentAccess(false);
}
PrivilegeSet maxPrivs = null;
char[] aclChars = null;
if (ent instanceof BwCalendar) {
final BwCalendar cal = (BwCalendar) ent;
final String path = cal.getPath();
/* I think this was wrong. For superuser we want to see the real
* access but they are going to be allowed access whatever.
if (userRootPath.equals(path)) {
ca = new CurrentAccess();
if (getSuperUser()) {
ca.privileges = PrivilegeSet.makeDefaultOwnerPrivileges();
} else {
ca.privileges = PrivilegeSet.makeDefaultNonOwnerPrivileges();
}
} else if (path.equals(userHomePathPrefix + account)){
// Accessing user home directory
if (getSuperUser()) {
ca = new CurrentAccess();
ca.privileges = PrivilegeSet.makeDefaultOwnerPrivileges();
} else {
// Set the maximumn access
maxPrivs = PrivilegeSet.userHomeMaxPrivileges;
}
}
*/
if (!cb.getSuperUser()) {
if (cb.getUserHomePath().equals(path)) {
ca = new CurrentAccess();
ca = Acl.defaultNonOwnerAccess;
} else if (path.equals(Util.buildPath(colPathEndsWithSlash, cb.getUserHomePath(), "/", owner.getAccount()))) {
// Accessing user home directory
// Set the maximumn access
maxPrivs = PrivilegeSet.userHomeMaxPrivileges;
}
}
}
if (maxPrivs == null) {
maxPrivs = cb.getMaximumAllowedPrivs();
} else if (cb.getMaximumAllowedPrivs() != null) {
maxPrivs = PrivilegeSet.filterPrivileges(maxPrivs, cb.getMaximumAllowedPrivs());
}
if (ca == null) {
/* Not special. getAclChars provides merged access for the current
* entity.
*/
aclChars = getAclChars(ent);
if (aclChars == null) {
error("Unable to fetch aclchars for " + ent);
if (!alwaysReturnResult) {
throw new CalFacadeAccessException();
}
return new CurrentAccess(false);
}
if (debug) {
debug("aclChars = " + new String(aclChars));
}
if (desiredAccess == privAny) {
ca = access.checkAny(cb, cb.getPrincipal(), owner, aclChars, maxPrivs);
} else if (desiredAccess == privRead) {
ca = access.checkRead(cb, cb.getPrincipal(), owner, aclChars, maxPrivs);
} else if (desiredAccess == privWrite) {
ca = access.checkReadWrite(cb, cb.getPrincipal(), owner, aclChars, maxPrivs);
} else {
ca = access.evaluateAccess(cb, cb.getPrincipal(), owner, desiredAccess, aclChars, maxPrivs);
}
}
if ((cb.getPrincipal() != null) && cb.getSuperUser()) {
/* Override rather than just create a readable access as code further
* up expects a valid filled in object.
*/
if (debug && !ca.getAccessAllowed()) {
debug("Override for superuser");
}
ca = Acl.forceAccessAllowed(ca);
}
if (ent instanceof CalendarWrapper) {
final CalendarWrapper col = (CalendarWrapper) ent;
col.setCurrentAccess(ca, desiredAccess);
}
if (debug) {
debug("access allowed: " + ca.getAccessAllowed());
}
if (!ca.getAccessAllowed() && !alwaysReturnResult) {
throw new CalFacadeAccessException();
}
return ca;
} catch (final CalFacadeException cfe) {
throw cfe;
} catch (final Throwable t) {
throw new CalFacadeException(t);
}
}
Also used :
PrivilegeSet(org.bedework.access.PrivilegeSet)
CurrentAccess(org.bedework.access.Acl.CurrentAccess)
CalendarWrapper(org.bedework.calfacade.wrappers.CalendarWrapper)
BwCalendar(org.bedework.calfacade.BwCalendar)
CalFacadeAccessException(org.bedework.calfacade.exc.CalFacadeAccessException)
AccessPrincipal(org.bedework.access.AccessPrincipal)
CalFacadeException(org.bedework.calfacade.exc.CalFacadeException)
Example 3 with CurrentAccess
use of org.bedework.access.Acl.CurrentAccess in project bw-calendar-engine by Bedework.
the class CalintfHelper method getEntityCollection.
protected BwCalendar getEntityCollection(final String path, final int nonSchedAccess, final boolean scheduling, final boolean alwaysReturn) throws CalFacadeException {
final int desiredAccess;
if (!scheduling) {
desiredAccess = nonSchedAccess;
} else {
desiredAccess = privAny;
}
final BwCalendar cal = getCollection(path, desiredAccess, alwaysReturn | scheduling);
if (cal == null) {
return null;
}
if (!cal.getCalendarCollection()) {
throwException(new CalFacadeAccessException());
}
if (!scheduling) {
return cal;
}
CurrentAccess ca;
final AccessUtilI access = ac.getAccessUtil();
if ((cal.getCalType() == BwCalendar.calTypeInbox) || (cal.getCalType() == BwCalendar.calTypePendingInbox)) {
ca = access.checkAccess(cal, privScheduleDeliver, true);
if (!ca.getAccessAllowed()) {
// try old style
ca = access.checkAccess(cal, privScheduleRequest, alwaysReturn);
}
} else if (cal.getCalType() == BwCalendar.calTypeOutbox) {
ca = access.checkAccess(cal, privScheduleSend, true);
if (!ca.getAccessAllowed()) {
// try old style
ca = access.checkAccess(cal, privScheduleReply, alwaysReturn);
}
} else {
throw new CalFacadeAccessException();
}
if (!ca.getAccessAllowed()) {
return null;
}
return cal;
}
Also used :
AccessUtilI(org.bedework.calfacade.util.AccessUtilI)
CurrentAccess(org.bedework.access.Acl.CurrentAccess)
BwCalendar(org.bedework.calfacade.BwCalendar)
CalFacadeAccessException(org.bedework.calfacade.exc.CalFacadeAccessException)
Example 4 with CurrentAccess
use of org.bedework.access.Acl.CurrentAccess in project bw-calendar-engine by Bedework.
the class CoreCalendars method getSyncToken.
@Override
public String getSyncToken(final String path) throws CalFacadeException {
final BwCalendar thisCol = getCalendar(path, privAny, false);
if (thisCol == null) {
return null;
}
/* Because we don't have a trailing "/" on the paths the path
prefix may pull in more than we want. We have to check the path on
return.
For example - if path is /a/x - we might get /a/x/y but we might
also get /a/xxx/y
*/
// Removes "/"
final String fpath = fixPath(path);
final String fpathSlash = fpath + "/";
@SuppressWarnings("unchecked") final List<BwCalendar> cols = dao.getPathPrefix(fpath);
String token = thisCol.getLastmod().getTagValue();
for (final BwCalendar col : cols) {
final String colPath = col.getPath();
if (!colPath.equals(fpath) && !colPath.startsWith(fpathSlash)) {
continue;
}
final BwCalendar wcol = wrap(col);
final CurrentAccess ca = ac.checkAccess(wcol, privAny, true);
if (!ca.getAccessAllowed()) {
continue;
}
final String t = col.getLastmod().getTagValue();
if (t.compareTo(token) > 0) {
token = t;
}
}
return token;
}
Also used :
CurrentAccess(org.bedework.access.Acl.CurrentAccess)
BwCalendar(org.bedework.calfacade.BwCalendar)
Example 5 with CurrentAccess
use of org.bedework.access.Acl.CurrentAccess in project bw-calendar-engine by Bedework.
the class CoreEvents method getSynchEvents.
@Override
public Set<CoreEventInfo> getSynchEvents(final String path, final String token) throws CalFacadeException {
if (path == null) {
dao.rollback();
throw new CalFacadeBadRequest("Missing path");
}
final String fpath = fixPath(path);
final BwCalendar col = getCollection(fpath);
ac.checkAccess(col, privAny, false);
@SuppressWarnings("unchecked") final List<BwEvent> evs = dao.getSynchEventObjects(fpath, token);
if (debug) {
trace(" ----------- number evs = " + evs.size());
}
final Set<CoreEventInfo> res = new TreeSet<>();
for (final BwEvent ev : evs) {
final CurrentAccess ca = new CurrentAccess(true);
res.add(new CoreEventInfo(ev, ca));
}
return res;
}
Also used :
CalFacadeBadRequest(org.bedework.calfacade.exc.CalFacadeBadRequest)
CoreEventInfo(org.bedework.calcorei.CoreEventInfo)
TreeSet(java.util.TreeSet)
BwEvent(org.bedework.calfacade.BwEvent)
CurrentAccess(org.bedework.access.Acl.CurrentAccess)
BwCalendar(org.bedework.calfacade.BwCalendar)
Aggregations
CurrentAccess (org.bedework.access.Acl.CurrentAccess)10
BwCalendar (org.bedework.calfacade.BwCalendar)6
TreeSet (java.util.TreeSet)3
CoreEventInfo (org.bedework.calcorei.CoreEventInfo)3
BwEvent (org.bedework.calfacade.BwEvent)3
BwEventAnnotation (org.bedework.calfacade.BwEventAnnotation)2
CalFacadeAccessException (org.bedework.calfacade.exc.CalFacadeAccessException)2
ArrayList (java.util.ArrayList)1
HashSet (java.util.HashSet)1
Period (net.fortuna.ical4j.model.Period)1
AccessPrincipal (org.bedework.access.AccessPrincipal)1
PrivilegeSet (org.bedework.access.PrivilegeSet)1
BwDateTime (org.bedework.calfacade.BwDateTime)1
BwEventProxy (org.bedework.calfacade.BwEventProxy)1
BwPrincipal (org.bedework.calfacade.BwPrincipal)1
BwRecurrenceInstance (org.bedework.calfacade.BwRecurrenceInstance)1
BwResource (org.bedework.calfacade.BwResource)1
CalFacadeBadRequest (org.bedework.calfacade.exc.CalFacadeBadRequest)1
CalFacadeException (org.bedework.calfacade.exc.CalFacadeException)1
BwAdminGroup (org.bedework.calfacade.svc.BwAdminGroup)1
