use of org.bedework.access.Privilege in project bw-calendar-engine by Bedework.
the class CalSuites method validateGroup.
/**
 * Validates that an admin group can be attached to a calendar suite, attaches
 * it, and resets access on the group owner's home and on the suite itself.
 *
 * <p>The access list applied here gives all privileges to the owner and to the
 * events owner's account, and read to authenticated users and to
 * {@code AceWho.all}. The same list is encoded and stored as the events
 * owner's category, location and contact access.
 *
 * @param cs calendar suite the group is being attached to; its group is set
 *           as a side effect
 * @param groupName name used to look up the admin group
 * @return home collection of the group's owner
 * @throws CalFacadeException if the name is too long, the group or its owner
 *         cannot be found, the group already belongs to a different suite,
 *         the owner has no home, or building the access list fails
 */
private BwCalendar validateGroup(final BwCalSuite cs, final String groupName) throws CalFacadeException {
  if (groupName.length() > BwCalSuite.maxNameLength) {
    throw new CalFacadeException(CalFacadeException.calsuiteGroupNameTooLong);
  }

  final BwAdminGroup adminGroup =
      (BwAdminGroup) getSvc().getAdminDirectories().findGroup(groupName);
  if (adminGroup == null) {
    throw new CalFacadeException(CalFacadeException.groupNotFound, groupName);
  }

  // A group may back at most one suite: reject it when it is already bound
  // to a suite other than the one being validated.
  final BwCalSuiteWrapper boundSuite = get(adminGroup);
  if (!((boundSuite == null) || boundSuite.equals(cs))) {
    throw new CalFacadeException(CalFacadeException.calsuiteGroupAssigned, boundSuite.getName());
  }

  final BwPrincipal eventsOwner = getPrincipal(adminGroup.getOwnerHref());
  if (eventsOwner == null) {
    throw new CalFacadeException(CalFacadeException.calsuiteBadowner);
  }

  final BwCalendar home = getCols().getHomeDb(eventsOwner, true);
  if (home == null) {
    throw new CalFacadeException(CalFacadeException.missingGroupOwnerHome);
  }

  // NOTE(review): the suite is mutated before the access changes below; if one
  // of them throws, whether this assignment is undone depends on the caller's
  // transaction handling - confirm.
  cs.setGroup(adminGroup);

  /* The events creator also owns the calsuite resources, so its home gets the
   * access list built below.
   */
  final Collection<Ace> aces = new ArrayList<>();

  final Collection<Privilege> readOnly = new ArrayList<>();
  final Collection<Privilege> fullAccess = new ArrayList<>();
  fullAccess.add(Access.all);
  readOnly.add(Access.read);

  try {
    aces.add(Ace.makeAce(AceWho.owner, fullAccess, null));

    final AceWho eventsOwnerWho =
        AceWho.getAceWho(eventsOwner.getAccount(), WhoDefs.whoTypeUser, false);
    aces.add(Ace.makeAce(eventsOwnerWho, fullAccess, null));

    final AceWho authenticatedWho =
        AceWho.getAceWho(null, WhoDefs.whoTypeAuthenticated, false);
    aces.add(Ace.makeAce(authenticatedWho, readOnly, null));

    // Read for AceWho.all: presumably this includes unauthenticated access,
    // i.e. the suite content is meant to be public - confirm.
    aces.add(Ace.makeAce(AceWho.all, readOnly, null));

    // Identical access on the home and on the suite. The third argument is
    // passed as true in both calls; presumably "replace the existing access"
    // - confirm against changeAccess.
    getSvc().changeAccess(home, aces, true);
    getSvc().changeAccess(cs, aces, true);

    // Categories, locations and contacts get the same encoded access list so
    // they are readable as well.
    final String encodedAcl = new String(new Acl(aces).encode());
    eventsOwner.setCategoryAccess(encodedAcl);
    eventsOwner.setLocationAccess(encodedAcl);
    eventsOwner.setContactAccess(encodedAcl);
  } catch (final AccessException ae) {
    throw new CalFacadeException(ae);
  }

  // Persist the access strings set on the principal above.
  getSvc().getUsersHandler().update(eventsOwner);

  return home;
}
use of org.bedework.access.Privilege in project bw-calendar-engine by Bedework.
the class Sharing method setAccess.
/**
 * Grants the principal described by {@code ap} access to a collection and, if
 * the collection is an internal alias, repeats the grant on the alias target
 * while running as the target's owner.
 *
 * <p>Any existing entries for the grantee and for the collection owner are
 * removed from the current ACL first; the grantee then gets the read or
 * read-write privilege set and the owner gets {@code allPrivs}.
 * {@code readPrivs}, {@code readWritePrivs} and {@code allPrivs} are defined
 * outside this method.
 *
 * @param col collection whose access is changed
 * @param ap grantee and access mode; a null {@code ap.pr} means "everyone"
 * @throws CalFacadeException on access-encoding failures or any failure while
 *         updating the alias target
 */
private void setAccess(final BwCalendar col, final AddPrincipal ap) throws CalFacadeException {
  try {
    // No principal supplied means the grant is addressed to everyone.
    final boolean toEveryone = ap.pr == null;
    final String granteeHref = toEveryone ? null : ap.pr.getPrincipalRef();
    final int granteeKind = toEveryone ? WhoDefs.whoTypeAll : ap.pr.getKind();

    final Acl currentAcl = col.getCurrentAccess().getAcl();
    final AceWho who = AceWho.getAceWho(granteeHref, granteeKind, false);

    // NOTE(review): the original comment on the "everyone" branch read
    // "Read to all", but nothing here ties that branch to ap.forRead. A caller
    // passing forRead == false with a null principal would grant the
    // read-write set to everyone - confirm callers never do that.
    final Collection<Privilege> desiredPriv = ap.forRead ? readPrivs : readWritePrivs;

    // removeWho returns null when there was nothing to remove, in which case
    // the ACL is carried forward unchanged.
    final Acl withoutGrantee = currentAcl.removeWho(who);
    final Acl afterGrantee = (withoutGrantee != null) ? withoutGrantee : currentAcl;

    // NOTE(review): the looked-up owner is dereferenced without a null check.
    final BwPrincipal owner = getUsers().getPrincipal(col.getOwnerHref());
    final AceWho ownerWho = AceWho.getAceWho(owner.getAccount(), owner.getKind(), false);

    final Acl withoutOwner = afterGrantee.removeWho(ownerWho);
    final Acl baseAcl = (withoutOwner != null) ? withoutOwner : afterGrantee;

    // Remaining entries first, then the new grantee entry, then the owner
    // entry with all privileges.
    final Collection<Ace> aces = new ArrayList<>(baseAcl.getAces());
    aces.add(Ace.makeAce(who, desiredPriv, null));
    aces.add(Ace.makeAce(ownerWho, allPrivs, null));

    getSvc().changeAccess(col, aces, true);

    if (col.getInternalAlias()) {
      final BwCalendar target = getSvc().getCalendarsHandler().resolveAlias(col, false, false);

      if (target != null) {
        /* Apply the same grant to the alias target while running as the
         * target's owner; the previous identity is restored in the finally
         * block whether or not the nested call succeeds.
         */
        pushPrincipal(target.getOwnerHref());
        try {
          setAccess(target, ap);
        } catch (final CalFacadeException cfe) {
          throw cfe;
        } catch (final Throwable t) {
          throw new CalFacadeException(t);
        } finally {
          popPrincipal();
        }
      }
    }
  } catch (final AccessException ae) {
    throw new CalFacadeException(ae);
  }
}
use of org.bedework.access.Privilege in project bw-calendar-engine by Bedework.
the class Restore method createNewSystem.
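/**
 * Populates an empty system with its initial principals and root collections:
 * the public user, the root user with an auth-user entry, the group that
 * holds all public admin groups, the public calendar root and the user
 * calendar root with homes for the public and root users.
 *
 * <p>Each access entry is built from its own privilege collection. The earlier
 * form reused one collection, clearing and refilling it after it had been
 * handed to {@code Ace.makeAce}; that is only correct if {@code makeAce}
 * copies its argument, and if it did not, the read-only entry for
 * {@code AceWho.other} on the public root would silently pick up
 * write-content as well.
 *
 * @throws Throwable anything raised by the restore interface or while
 *         encoding the access lists
 */
private void createNewSystem() throws Throwable {
  // Create the public user.
  final BwPrincipal pu = BwPrincipal.makeUserPrincipal();
  pu.setAccount(BwPrincipal.publicUser);
  globals.setPrincipalHref(pu);
  globals.rintf.restorePrincipal(pu);

  // Create the root user.
  final BwPrincipal rootUser = BwPrincipal.makeUserPrincipal();
  rootUser.setAccount(rootId);
  globals.setPrincipalHref(rootUser);
  globals.rintf.restorePrincipal(rootUser);

  // Create an authuser entry for the root user; it is given UserAuth.allAuth.
  final BwAuthUser au = new BwAuthUser();
  au.setUserHref(rootUser.getPrincipalRef());
  au.setUsertype(UserAuth.allAuth);
  au.setPrefs(BwAuthUserPrefs.makeAuthUserPrefs());
  globals.rintf.restoreAuthUser(au);

  // Create a group for all public admin groups
  final BwAdminGroup g = new BwAdminGroup();
  final String publicAdminGroupsAccount = // XXX Put into config
      "publicAdminGroups";
  g.setAccount(publicAdminGroupsAccount);
  g.setGroupOwnerHref(pu.getPrincipalRef());
  g.setOwnerHref(pu.getPrincipalRef());
  if (!globals.onlyUsersMap.check(g.getGroupOwnerHref())) {
    g.setGroupOwnerHref(globals.getPublicUser().getPrincipalRef());
  }
  globals.rintf.restoreAdminGroup(g);

  // Create the public root: read for AceWho.other, read plus write-content
  // for the public admin groups group.
  final Collection<Ace> publicRootAces = new ArrayList<>();

  final Collection<Privilege> otherPrivs = new ArrayList<>();
  otherPrivs.add(Privileges.makePriv(PrivilegeDefs.privRead));
  publicRootAces.add(Ace.makeAce(AceWho.other, otherPrivs, null));

  final Collection<Privilege> adminGroupPrivs = new ArrayList<>();
  adminGroupPrivs.add(Privileges.makePriv(PrivilegeDefs.privRead));
  adminGroupPrivs.add(Privileges.makePriv(PrivilegeDefs.privWriteContent));
  final AceWho who = AceWho.getAceWho(publicAdminGroupsAccount, WhoDefs.whoTypeGroup, false);
  publicRootAces.add(Ace.makeAce(who, adminGroupPrivs, null));

  makeCal(null, pu, BwCalendar.calTypeFolder,
          RestoreGlobals.getBasicSyspars().getPublicCalendarRoot(),
          new String(new Acl(publicRootAces).encode()));

  // Create the user root: the only entry gives the owner all privileges.
  final Collection<Privilege> ownerPrivs = new ArrayList<>();
  ownerPrivs.add(Privileges.makePriv(PrivilegeDefs.privAll));

  final Collection<Ace> userRootAces = new ArrayList<>();
  userRootAces.add(Ace.makeAce(AceWho.owner, ownerPrivs, null));

  final BwCalendar userRoot = makeCal(null, pu, BwCalendar.calTypeFolder,
                                      RestoreGlobals.getBasicSyspars().getUserCalendarRoot(),
                                      new String(new Acl(userRootAces).encode()));

  makeUserHome(userRoot, pu);
  makeUserHome(userRoot, rootUser);
}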
use of org.bedework.access.Privilege in project bw-calendar-engine by Bedework.
the class CalSuites method getResourcesDir.
/* ====================================================================
* Private methods
* =================================================================== */
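/**
 * Returns the resource collection for a calendar suite and resource class,
 * creating it when it does not exist yet.
 *
 * <p>A newly created collection is owned by the suite owner when {@code cl} is
 * {@code ResourceClass.calsuite} and by the public user otherwise, and its
 * access is set to read for {@code AceWho.all}.
 *
 * @param suite calendar suite the resources belong to
 * @param cl resource class selecting which collection is wanted
 * @return the existing or newly created collection
 * @throws CalFacadeException if no path is configured, the path has no parent
 *         segment, or the access list cannot be built
 */
private BwCalendar getResourcesDir(final BwCalSuite suite, final ResourceClass cl) throws CalFacadeException {
  final String path = getResourcesPath(suite, cl);
  if (path == null) {
    throw new CalFacadeException(CalFacadeException.noCalsuiteResCol);
  }

  final BwCalendar existing = getCols().get(path);
  if (existing != null) {
    return existing;
  }

  // Splitting into parent and name needs a separator. Without this check a
  // path with no "/" failed with StringIndexOutOfBoundsException after the
  // new collection object had already been partly filled in.
  final int lastSlash = path.lastIndexOf("/");
  if (lastSlash < 0) {
    throw new CalFacadeException(CalFacadeException.noCalsuiteResCol, path);
  }

  /* Create the collection. All are world readable.
   * NOTE(review): the original comment also said the calsuite class
   * collection is writable to the calsuite owner, but only a read entry is
   * added below; presumably the owner's rights come from ownership or
   * inherited access - confirm.
   */
  final BwCalendar created = new BwCalendar();
  created.setName(path.substring(lastSlash + 1));
  created.setSummary(created.getName());
  created.setCreatorHref(suite.getOwnerHref());

  if (cl == ResourceClass.calsuite) {
    // Owned by the suite
    created.setOwnerHref(suite.getOwnerHref());
  } else {
    created.setOwnerHref(getPublicUser().getPrincipalRef());
  }

  final BwCalendar resCol = getCols().add(created, path.substring(0, lastSlash));

  try {
    final Collection<Privilege> readPrivs = new ArrayList<>();
    readPrivs.add(Access.read);

    final Collection<Ace> aces = new ArrayList<>();
    aces.add(Ace.makeAce(AceWho.all, readPrivs, null));

    // Third argument is passed as true; presumably "replace the existing
    // access" - confirm against changeAccess.
    getSvc().changeAccess(resCol, aces, true);
  } catch (final AccessException ae) {
    throw new CalFacadeException(ae);
  }

  return resCol;
}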