Search in sources :

Example 1 with CalendarWrapper

use of org.bedework.calfacade.wrappers.CalendarWrapper in project bw-calendar-engine by Bedework.

the class AccessUtil method checkAccess.

@Override
public CurrentAccess checkAccess(final BwShareableDbentity<?> ent, final int desiredAccess, final boolean alwaysReturnResult) throws CalFacadeException {
    if (ent == null) {
        return null;
    }
    if (ent instanceof CalendarWrapper) {
        final CalendarWrapper col = (CalendarWrapper) ent;
        final CurrentAccess ca = col.getCurrentAccess(desiredAccess);
        if (ca != null) {
            if (debug) {
                debug("Access " + desiredAccess + " already checked for " + cb.getPrincipal().getPrincipalRef() + " and allowed=" + ca.getAccessAllowed());
            }
            if (!ca.getAccessAllowed() && !alwaysReturnResult) {
                throw new CalFacadeAccessException();
            }
            return ca;
        }
    }
    if (debug) {
        final String cname = ent.getClass().getName();
        final String ident;
        if (ent instanceof BwCalendar) {
            ident = ((BwCalendar) ent).getPath();
        } else {
            ident = String.valueOf(ent.getId());
        }
        debug("Check access by " + cb.getPrincipal().getPrincipalRef() + " for object " + cname.substring(cname.lastIndexOf(".") + 1) + " ident=" + ident + " desiredAccess = " + desiredAccess);
    }
    try {
        final long startTime = System.currentTimeMillis();
        CurrentAccess ca = null;
        final AccessPrincipal owner = cb.getPrincipal(ent.getOwnerHref());
        if (debug) {
            debug("After getPrincipal - took: " + (System.currentTimeMillis() - startTime));
        }
        if (owner == null) {
            error("Principal(owner) " + ent.getOwnerHref() + " does not exist");
            if (!alwaysReturnResult) {
                throw new CalFacadeAccessException();
            }
            return new CurrentAccess(false);
        }
        PrivilegeSet maxPrivs = null;
        char[] aclChars = null;
        if (ent instanceof BwCalendar) {
            final BwCalendar cal = (BwCalendar) ent;
            final String path = cal.getPath();
            /* I think this was wrong. For superuser we want to see the real
         * access but they are going to be allowed access whatever.
        if (userRootPath.equals(path)) {
          ca = new CurrentAccess();

          if (getSuperUser()) {
            ca.privileges = PrivilegeSet.makeDefaultOwnerPrivileges();
          } else {
            ca.privileges = PrivilegeSet.makeDefaultNonOwnerPrivileges();
          }
        } else if (path.equals(userHomePathPrefix + account)){
          // Accessing user home directory
          if (getSuperUser()) {
            ca = new CurrentAccess();

            ca.privileges = PrivilegeSet.makeDefaultOwnerPrivileges();
          } else {
            // Set the maximumn access
            maxPrivs = PrivilegeSet.userHomeMaxPrivileges;
          }
        }
         */
            if (!cb.getSuperUser()) {
                if (cb.getUserHomePath().equals(path)) {
                    ca = new CurrentAccess();
                    ca = Acl.defaultNonOwnerAccess;
                } else if (path.equals(Util.buildPath(colPathEndsWithSlash, cb.getUserHomePath(), "/", owner.getAccount()))) {
                    // Accessing user home directory
                    // Set the maximumn access
                    maxPrivs = PrivilegeSet.userHomeMaxPrivileges;
                }
            }
        }
        if (maxPrivs == null) {
            maxPrivs = cb.getMaximumAllowedPrivs();
        } else if (cb.getMaximumAllowedPrivs() != null) {
            maxPrivs = PrivilegeSet.filterPrivileges(maxPrivs, cb.getMaximumAllowedPrivs());
        }
        if (ca == null) {
            /* Not special. getAclChars provides merged access for the current
         * entity.
         */
            aclChars = getAclChars(ent);
            if (aclChars == null) {
                error("Unable to fetch aclchars for " + ent);
                if (!alwaysReturnResult) {
                    throw new CalFacadeAccessException();
                }
                return new CurrentAccess(false);
            }
            if (debug) {
                debug("aclChars = " + new String(aclChars));
            }
            if (desiredAccess == privAny) {
                ca = access.checkAny(cb, cb.getPrincipal(), owner, aclChars, maxPrivs);
            } else if (desiredAccess == privRead) {
                ca = access.checkRead(cb, cb.getPrincipal(), owner, aclChars, maxPrivs);
            } else if (desiredAccess == privWrite) {
                ca = access.checkReadWrite(cb, cb.getPrincipal(), owner, aclChars, maxPrivs);
            } else {
                ca = access.evaluateAccess(cb, cb.getPrincipal(), owner, desiredAccess, aclChars, maxPrivs);
            }
        }
        if ((cb.getPrincipal() != null) && cb.getSuperUser()) {
            /* Override rather than just create a readable access as code further
         * up expects a valid filled in object.
         */
            if (debug && !ca.getAccessAllowed()) {
                debug("Override for superuser");
            }
            ca = Acl.forceAccessAllowed(ca);
        }
        if (ent instanceof CalendarWrapper) {
            final CalendarWrapper col = (CalendarWrapper) ent;
            col.setCurrentAccess(ca, desiredAccess);
        }
        if (debug) {
            debug("access allowed: " + ca.getAccessAllowed());
        }
        if (!ca.getAccessAllowed() && !alwaysReturnResult) {
            throw new CalFacadeAccessException();
        }
        return ca;
    } catch (final CalFacadeException cfe) {
        throw cfe;
    } catch (final Throwable t) {
        throw new CalFacadeException(t);
    }
}
Also used : PrivilegeSet(org.bedework.access.PrivilegeSet) CurrentAccess(org.bedework.access.Acl.CurrentAccess) CalendarWrapper(org.bedework.calfacade.wrappers.CalendarWrapper) BwCalendar(org.bedework.calfacade.BwCalendar) CalFacadeAccessException(org.bedework.calfacade.exc.CalFacadeAccessException) AccessPrincipal(org.bedework.access.AccessPrincipal) CalFacadeException(org.bedework.calfacade.exc.CalFacadeException)

Example 2 with CalendarWrapper

use of org.bedework.calfacade.wrappers.CalendarWrapper in project bw-calendar-engine by Bedework.

the class AccessUtil method getAclChars.

/* ====================================================================
   *                   Private methods
   * ==================================================================== */
/* If the entity is not a collection we merge the access in with the container
   * access then return the merged aces. We do this because we call getPathInfo
   * with a collection entity. That method will recurse up to the root.
   *
   * For a calendar we just use the access for the calendar.
   *
   * The calendar/container access might be cached in the pathInfoTable.
   */
private char[] getAclChars(final BwShareableDbentity<?> ent) throws CalFacadeException {
    if ((!(ent instanceof BwEventProperty)) && (ent instanceof BwShareableContainedDbentity)) {
        BwCalendar container;
        if (ent instanceof BwCalendar) {
            container = (BwCalendar) ent;
        } else {
            container = getParent((BwShareableContainedDbentity<?>) ent);
        }
        if (container == null) {
            return null;
        }
        final String path = container.getPath();
        CalendarWrapper wcol = (CalendarWrapper) container;
        String aclStr;
        char[] aclChars = null;
        /* Get access for the parent first if we have one */
        BwCalendar parent = getParent(wcol);
        if (parent != null) {
            aclStr = new String(merged(getAclChars(parent), parent.getPath(), wcol.getAccess()));
        } else if (wcol.getAccess() != null) {
            aclStr = wcol.getAccess();
        } else {
            // At root
            throw new CalFacadeException("Collections must have default access set at root");
        }
        if (aclStr != null) {
            aclChars = aclStr.toCharArray();
        }
        if (ent instanceof BwCalendar) {
            return aclChars;
        }
        return merged(aclChars, path, ent.getAccess());
    }
    /* This is a way of making other objects sort of shareable.
     * The objects are locations, sponsors and categories.
     * (also calsuite)
     *
     * We store the default access in the owner principal and manipulate that to give
     * us some degree of sharing.
     *
     * In effect, the owner becomes the container for the object.
     */
    String aclString = null;
    String entAccess = ent.getAccess();
    BwPrincipal owner = (BwPrincipal) cb.getPrincipal(ent.getOwnerHref());
    if (ent instanceof BwCategory) {
        aclString = owner.getCategoryAccess();
    } else if (ent instanceof BwLocation) {
        aclString = owner.getLocationAccess();
    } else if (ent instanceof BwContact) {
        aclString = owner.getContactAccess();
    }
    if (aclString == null) {
        if (entAccess == null) {
            if (ent.getPublick()) {
                return Access.getDefaultPublicAccess().toCharArray();
            }
            return Access.getDefaultPersonalAccess().toCharArray();
        }
        return entAccess.toCharArray();
    }
    if (entAccess == null) {
        return aclString.toCharArray();
    }
    try {
        Acl acl = Acl.decode(entAccess.toCharArray());
        acl = acl.merge(aclString.toCharArray(), "/owner");
        return acl.getEncoded();
    } catch (Throwable t) {
        throw new CalFacadeException(t);
    }
}
Also used : BwLocation(org.bedework.calfacade.BwLocation) BwShareableContainedDbentity(org.bedework.calfacade.base.BwShareableContainedDbentity) BwCategory(org.bedework.calfacade.BwCategory) BwEventProperty(org.bedework.calfacade.BwEventProperty) BwCalendar(org.bedework.calfacade.BwCalendar) BwContact(org.bedework.calfacade.BwContact) Acl(org.bedework.access.Acl) CalFacadeException(org.bedework.calfacade.exc.CalFacadeException) BwPrincipal(org.bedework.calfacade.BwPrincipal) CalendarWrapper(org.bedework.calfacade.wrappers.CalendarWrapper)

Example 3 with CalendarWrapper

use of org.bedework.calfacade.wrappers.CalendarWrapper in project bw-calendar-engine by Bedework.

the class CoreEvents method deleteEvent.

@Override
public DelEventResult deleteEvent(final EventInfo ei, final boolean scheduling, final boolean reallyDelete) throws CalFacadeException {
    final DelEventResult der = new DelEventResult(false, 0);
    BwEvent ev = ei.getEvent();
    final boolean isMaster = ev.testRecurring() && (ev.getRecurrenceId() == null);
    final boolean isInstance = (ev.getRecurrenceId() != null) && (ev instanceof BwEventProxy);
    if (!isInstance && ev.unsaved()) {
        final CoreEventInfo cei = getEvent(ev.getColPath(), ev.getName(), RecurringRetrievalMode.overrides);
        if (cei == null) {
            return der;
        }
        ev = cei.getEvent();
    }
    final long startTime = System.currentTimeMillis();
    final int desiredAccess;
    final boolean shared;
    try {
        final BwCalendar col = getEntityCollection(ev.getColPath(), privAny, scheduling, false);
        shared = col.getPublick() || col.getShared();
        if (!scheduling) {
            desiredAccess = privUnbind;
        } else {
            /* Delete message while tidying up in/outbox.
         * Set desiredAccess to something that works.
         *  */
            final CalendarWrapper cw = (CalendarWrapper) col;
            desiredAccess = cw.getLastDesiredAccess();
        }
        ac.checkAccess(ev, desiredAccess, false);
    } catch (final CalFacadeException cfe) {
        dao.rollback();
        throw cfe;
    }
    if (!reallyDelete && ev.getTombstoned()) {
        // no-op - just pretend
        der.eventDeleted = true;
        return der;
    }
    if (isMaster) {
        // Master event - delete all instances and overrides.
        deleteInstances(ev, shared);
        notifyDelete(reallyDelete, ev, shared);
        if (reallyDelete) {
            dao.delete(ev);
        } else {
            tombstoneEvent(ev);
        }
        der.eventDeleted = true;
        stat(StatsEvent.deleteTime, startTime);
        unindexEntity(ei);
        return der;
    }
    if (isInstance) {
        /* Deleting a single instance. Delete any overrides, delete the instance
       * and add an exdate to the master.
       */
        final BwEventProxy proxy = (BwEventProxy) ev;
        final BwEventAnnotation ann = proxy.getRef();
        BwEvent master = ann.getMaster();
        if (master.unsaved()) {
            final CoreEventInfo cei = getEvent(master.getColPath(), master.getName(), RecurringRetrievalMode.overrides);
            if (cei == null) {
                return der;
            }
            master = cei.getEvent();
        }
        /* Fetch the instance so we can delete it */
        final BwRecurrenceInstance inst = dao.getInstance(master, ev.getRecurrenceId());
        if (inst == null) {
            stat(StatsEvent.deleteTime, startTime);
            return der;
        }
        notifyDelete(true, ev, shared);
        dao.delete(inst);
        if (!ann.unsaved()) {
            // der.alarmsDeleted = deleteAlarms(ann);
            ann.getAttendees().clear();
            dao.delete(ann);
        }
        final BwDateTime instDate = inst.getDtstart();
        if (!master.getRdates().remove(instDate)) {
            // Wasn't an rdate event
            master.addExdate(instDate);
        }
        master.updateLastmod();
        dao.update(master);
        der.eventDeleted = true;
        stat(StatsEvent.deleteTime, startTime);
        indexEntity(ei.getRetrievedEvent());
        return der;
    }
    // Single non recurring event.
    BwEvent deletee = ev;
    if (ev instanceof BwEventProxy) {
        // Deleting an annotation
        deletee = ((BwEventProxy) ev).getRef();
    }
    // I think we need something like this -- fixReferringAnnotations(deletee);
    // XXX This could be wrong.
    /* If this is a proxy we should only delete alarmas attached to the
     * proxy - any attached to the underlying event should be left alone.
     */
    // der.alarmsDeleted = deleteAlarms(deletee);
    // sess.delete(sess.merge(deletee));
    notifyDelete(reallyDelete, ev, shared);
    if (reallyDelete) {
        clearCollection(ev.getAttendees());
        dao.delete(deletee);
    } else {
        tombstoneEvent(deletee);
    }
    der.eventDeleted = true;
    stat(StatsEvent.deleteTime, startTime);
    unindexEntity(ei);
    return der;
}
Also used : BwDateTime(org.bedework.calfacade.BwDateTime) CoreEventInfo(org.bedework.calcorei.CoreEventInfo) BwEvent(org.bedework.calfacade.BwEvent) BwCalendar(org.bedework.calfacade.BwCalendar) BwEventProxy(org.bedework.calfacade.BwEventProxy) CalFacadeException(org.bedework.calfacade.exc.CalFacadeException) BwRecurrenceInstance(org.bedework.calfacade.BwRecurrenceInstance) BwEventAnnotation(org.bedework.calfacade.BwEventAnnotation) CalendarWrapper(org.bedework.calfacade.wrappers.CalendarWrapper)

Example 4 with CalendarWrapper

use of org.bedework.calfacade.wrappers.CalendarWrapper in project bw-calendar-engine by Bedework.

the class CalintfImpl method reAttach.

@Override
public void reAttach(BwDbentity val) throws CalFacadeException {
    if (val instanceof CalendarWrapper) {
        final CalendarWrapper ccw = (CalendarWrapper) val;
        val = ccw.fetchEntity();
    }
    sess.reAttach(val);
}
Also used : CalendarWrapper(org.bedework.calfacade.wrappers.CalendarWrapper)

Example 5 with CalendarWrapper

use of org.bedework.calfacade.wrappers.CalendarWrapper in project bw-calendar-engine by Bedework.

the class CoreCalendars method getCollection.

@Override
public BwCalendar getCollection(final String path) throws CalFacadeException {
    if (path == null) {
        return null;
    }
    BwCalendar col = colCache.get(path);
    if (col != null) {
        return col;
    }
    col = dao.getCollection(path);
    if (col == null) {
        if (path.equals("/")) {
            // Fake a root collection
            col = new BwCalendar();
            col.setPath("/");
            // Use this for owner/creator
            final BwCalendar userRoot = getCollection(userCalendarRootPath);
            if (userRoot == null) {
                return null;
            }
            col.setOwnerHref(userRoot.getOwnerHref());
            col.setCreatorHref(userRoot.getCreatorHref());
            col.setAccess(Access.getDefaultPublicAccess());
        } else if (!getPrincipal().getUnauthenticated()) {
            /* Didn't find it. Is this a special collection we should create,
           Only try this if authenticated.
         */
            final GetSpecialCalendarResult gscr = getIfSpecial(getPrincipal(), path);
            if (gscr == null) {
                return null;
            }
            col = gscr.cal;
        } else {
            return null;
        }
    }
    final CalendarWrapper wcol = wrap(col);
    if (wcol != null) {
        colCache.put(wcol);
    }
    return wcol;
}
Also used : BwCalendar(org.bedework.calfacade.BwCalendar) CalendarWrapper(org.bedework.calfacade.wrappers.CalendarWrapper)

Aggregations

CalendarWrapper (org.bedework.calfacade.wrappers.CalendarWrapper)8 BwCalendar (org.bedework.calfacade.BwCalendar)7 CalFacadeException (org.bedework.calfacade.exc.CalFacadeException)4 ArrayList (java.util.ArrayList)1 AccessPrincipal (org.bedework.access.AccessPrincipal)1 Acl (org.bedework.access.Acl)1 CurrentAccess (org.bedework.access.Acl.CurrentAccess)1 PrivilegeSet (org.bedework.access.PrivilegeSet)1 CoreEventInfo (org.bedework.calcorei.CoreEventInfo)1 BwCategory (org.bedework.calfacade.BwCategory)1 BwContact (org.bedework.calfacade.BwContact)1 BwDateTime (org.bedework.calfacade.BwDateTime)1 BwEvent (org.bedework.calfacade.BwEvent)1 BwEventAnnotation (org.bedework.calfacade.BwEventAnnotation)1 BwEventProperty (org.bedework.calfacade.BwEventProperty)1 BwEventProxy (org.bedework.calfacade.BwEventProxy)1 BwLocation (org.bedework.calfacade.BwLocation)1 BwPrincipal (org.bedework.calfacade.BwPrincipal)1 BwRecurrenceInstance (org.bedework.calfacade.BwRecurrenceInstance)1 BwShareableContainedDbentity (org.bedework.calfacade.base.BwShareableContainedDbentity)1