use of org.bedework.calfacade.wrappers.CalendarWrapper in project bw-calendar-engine by Bedework.
the class AccessUtil method checkAccess.
@Override
public CurrentAccess checkAccess(final BwShareableDbentity<?> ent, final int desiredAccess, final boolean alwaysReturnResult) throws CalFacadeException {
if (ent == null) {
return null;
}
if (ent instanceof CalendarWrapper) {
final CalendarWrapper col = (CalendarWrapper) ent;
final CurrentAccess ca = col.getCurrentAccess(desiredAccess);
if (ca != null) {
if (debug) {
debug("Access " + desiredAccess + " already checked for " + cb.getPrincipal().getPrincipalRef() + " and allowed=" + ca.getAccessAllowed());
}
if (!ca.getAccessAllowed() && !alwaysReturnResult) {
throw new CalFacadeAccessException();
}
return ca;
}
}
if (debug) {
final String cname = ent.getClass().getName();
final String ident;
if (ent instanceof BwCalendar) {
ident = ((BwCalendar) ent).getPath();
} else {
ident = String.valueOf(ent.getId());
}
debug("Check access by " + cb.getPrincipal().getPrincipalRef() + " for object " + cname.substring(cname.lastIndexOf(".") + 1) + " ident=" + ident + " desiredAccess = " + desiredAccess);
}
try {
final long startTime = System.currentTimeMillis();
CurrentAccess ca = null;
final AccessPrincipal owner = cb.getPrincipal(ent.getOwnerHref());
if (debug) {
debug("After getPrincipal - took: " + (System.currentTimeMillis() - startTime));
}
if (owner == null) {
error("Principal(owner) " + ent.getOwnerHref() + " does not exist");
if (!alwaysReturnResult) {
throw new CalFacadeAccessException();
}
return new CurrentAccess(false);
}
PrivilegeSet maxPrivs = null;
char[] aclChars = null;
if (ent instanceof BwCalendar) {
final BwCalendar cal = (BwCalendar) ent;
final String path = cal.getPath();
/* I think this was wrong. For superuser we want to see the real
* access but they are going to be allowed access whatever.
if (userRootPath.equals(path)) {
ca = new CurrentAccess();
if (getSuperUser()) {
ca.privileges = PrivilegeSet.makeDefaultOwnerPrivileges();
} else {
ca.privileges = PrivilegeSet.makeDefaultNonOwnerPrivileges();
}
} else if (path.equals(userHomePathPrefix + account)){
// Accessing user home directory
if (getSuperUser()) {
ca = new CurrentAccess();
ca.privileges = PrivilegeSet.makeDefaultOwnerPrivileges();
} else {
// Set the maximumn access
maxPrivs = PrivilegeSet.userHomeMaxPrivileges;
}
}
*/
if (!cb.getSuperUser()) {
if (cb.getUserHomePath().equals(path)) {
ca = new CurrentAccess();
ca = Acl.defaultNonOwnerAccess;
} else if (path.equals(Util.buildPath(colPathEndsWithSlash, cb.getUserHomePath(), "/", owner.getAccount()))) {
// Accessing user home directory
// Set the maximumn access
maxPrivs = PrivilegeSet.userHomeMaxPrivileges;
}
}
}
if (maxPrivs == null) {
maxPrivs = cb.getMaximumAllowedPrivs();
} else if (cb.getMaximumAllowedPrivs() != null) {
maxPrivs = PrivilegeSet.filterPrivileges(maxPrivs, cb.getMaximumAllowedPrivs());
}
if (ca == null) {
/* Not special. getAclChars provides merged access for the current
* entity.
*/
aclChars = getAclChars(ent);
if (aclChars == null) {
error("Unable to fetch aclchars for " + ent);
if (!alwaysReturnResult) {
throw new CalFacadeAccessException();
}
return new CurrentAccess(false);
}
if (debug) {
debug("aclChars = " + new String(aclChars));
}
if (desiredAccess == privAny) {
ca = access.checkAny(cb, cb.getPrincipal(), owner, aclChars, maxPrivs);
} else if (desiredAccess == privRead) {
ca = access.checkRead(cb, cb.getPrincipal(), owner, aclChars, maxPrivs);
} else if (desiredAccess == privWrite) {
ca = access.checkReadWrite(cb, cb.getPrincipal(), owner, aclChars, maxPrivs);
} else {
ca = access.evaluateAccess(cb, cb.getPrincipal(), owner, desiredAccess, aclChars, maxPrivs);
}
}
if ((cb.getPrincipal() != null) && cb.getSuperUser()) {
/* Override rather than just create a readable access as code further
* up expects a valid filled in object.
*/
if (debug && !ca.getAccessAllowed()) {
debug("Override for superuser");
}
ca = Acl.forceAccessAllowed(ca);
}
if (ent instanceof CalendarWrapper) {
final CalendarWrapper col = (CalendarWrapper) ent;
col.setCurrentAccess(ca, desiredAccess);
}
if (debug) {
debug("access allowed: " + ca.getAccessAllowed());
}
if (!ca.getAccessAllowed() && !alwaysReturnResult) {
throw new CalFacadeAccessException();
}
return ca;
} catch (final CalFacadeException cfe) {
throw cfe;
} catch (final Throwable t) {
throw new CalFacadeException(t);
}
}
use of org.bedework.calfacade.wrappers.CalendarWrapper in project bw-calendar-engine by Bedework.
the class AccessUtil method getAclChars.
/* ====================================================================
* Private methods
* ==================================================================== */
/* If the entity is not a collection we merge the access in with the container
* access then return the merged aces. We do this because we call getPathInfo
* with a collection entity. That method will recurse up to the root.
*
* For a calendar we just use the access for the calendar.
*
* The calendar/container access might be cached in the pathInfoTable.
*/
private char[] getAclChars(final BwShareableDbentity<?> ent) throws CalFacadeException {
if ((!(ent instanceof BwEventProperty)) && (ent instanceof BwShareableContainedDbentity)) {
BwCalendar container;
if (ent instanceof BwCalendar) {
container = (BwCalendar) ent;
} else {
container = getParent((BwShareableContainedDbentity<?>) ent);
}
if (container == null) {
return null;
}
final String path = container.getPath();
CalendarWrapper wcol = (CalendarWrapper) container;
String aclStr;
char[] aclChars = null;
/* Get access for the parent first if we have one */
BwCalendar parent = getParent(wcol);
if (parent != null) {
aclStr = new String(merged(getAclChars(parent), parent.getPath(), wcol.getAccess()));
} else if (wcol.getAccess() != null) {
aclStr = wcol.getAccess();
} else {
// At root
throw new CalFacadeException("Collections must have default access set at root");
}
if (aclStr != null) {
aclChars = aclStr.toCharArray();
}
if (ent instanceof BwCalendar) {
return aclChars;
}
return merged(aclChars, path, ent.getAccess());
}
/* This is a way of making other objects sort of shareable.
* The objects are locations, sponsors and categories.
* (also calsuite)
*
* We store the default access in the owner principal and manipulate that to give
* us some degree of sharing.
*
* In effect, the owner becomes the container for the object.
*/
String aclString = null;
String entAccess = ent.getAccess();
BwPrincipal owner = (BwPrincipal) cb.getPrincipal(ent.getOwnerHref());
if (ent instanceof BwCategory) {
aclString = owner.getCategoryAccess();
} else if (ent instanceof BwLocation) {
aclString = owner.getLocationAccess();
} else if (ent instanceof BwContact) {
aclString = owner.getContactAccess();
}
if (aclString == null) {
if (entAccess == null) {
if (ent.getPublick()) {
return Access.getDefaultPublicAccess().toCharArray();
}
return Access.getDefaultPersonalAccess().toCharArray();
}
return entAccess.toCharArray();
}
if (entAccess == null) {
return aclString.toCharArray();
}
try {
Acl acl = Acl.decode(entAccess.toCharArray());
acl = acl.merge(aclString.toCharArray(), "/owner");
return acl.getEncoded();
} catch (Throwable t) {
throw new CalFacadeException(t);
}
}
use of org.bedework.calfacade.wrappers.CalendarWrapper in project bw-calendar-engine by Bedework.
the class CoreEvents method deleteEvent.
@Override
public DelEventResult deleteEvent(final EventInfo ei, final boolean scheduling, final boolean reallyDelete) throws CalFacadeException {
final DelEventResult der = new DelEventResult(false, 0);
BwEvent ev = ei.getEvent();
final boolean isMaster = ev.testRecurring() && (ev.getRecurrenceId() == null);
final boolean isInstance = (ev.getRecurrenceId() != null) && (ev instanceof BwEventProxy);
if (!isInstance && ev.unsaved()) {
final CoreEventInfo cei = getEvent(ev.getColPath(), ev.getName(), RecurringRetrievalMode.overrides);
if (cei == null) {
return der;
}
ev = cei.getEvent();
}
final long startTime = System.currentTimeMillis();
final int desiredAccess;
final boolean shared;
try {
final BwCalendar col = getEntityCollection(ev.getColPath(), privAny, scheduling, false);
shared = col.getPublick() || col.getShared();
if (!scheduling) {
desiredAccess = privUnbind;
} else {
/* Delete message while tidying up in/outbox.
* Set desiredAccess to something that works.
* */
final CalendarWrapper cw = (CalendarWrapper) col;
desiredAccess = cw.getLastDesiredAccess();
}
ac.checkAccess(ev, desiredAccess, false);
} catch (final CalFacadeException cfe) {
dao.rollback();
throw cfe;
}
if (!reallyDelete && ev.getTombstoned()) {
// no-op - just pretend
der.eventDeleted = true;
return der;
}
if (isMaster) {
// Master event - delete all instances and overrides.
deleteInstances(ev, shared);
notifyDelete(reallyDelete, ev, shared);
if (reallyDelete) {
dao.delete(ev);
} else {
tombstoneEvent(ev);
}
der.eventDeleted = true;
stat(StatsEvent.deleteTime, startTime);
unindexEntity(ei);
return der;
}
if (isInstance) {
/* Deleting a single instance. Delete any overrides, delete the instance
* and add an exdate to the master.
*/
final BwEventProxy proxy = (BwEventProxy) ev;
final BwEventAnnotation ann = proxy.getRef();
BwEvent master = ann.getMaster();
if (master.unsaved()) {
final CoreEventInfo cei = getEvent(master.getColPath(), master.getName(), RecurringRetrievalMode.overrides);
if (cei == null) {
return der;
}
master = cei.getEvent();
}
/* Fetch the instance so we can delete it */
final BwRecurrenceInstance inst = dao.getInstance(master, ev.getRecurrenceId());
if (inst == null) {
stat(StatsEvent.deleteTime, startTime);
return der;
}
notifyDelete(true, ev, shared);
dao.delete(inst);
if (!ann.unsaved()) {
// der.alarmsDeleted = deleteAlarms(ann);
ann.getAttendees().clear();
dao.delete(ann);
}
final BwDateTime instDate = inst.getDtstart();
if (!master.getRdates().remove(instDate)) {
// Wasn't an rdate event
master.addExdate(instDate);
}
master.updateLastmod();
dao.update(master);
der.eventDeleted = true;
stat(StatsEvent.deleteTime, startTime);
indexEntity(ei.getRetrievedEvent());
return der;
}
// Single non recurring event.
BwEvent deletee = ev;
if (ev instanceof BwEventProxy) {
// Deleting an annotation
deletee = ((BwEventProxy) ev).getRef();
}
// I think we need something like this -- fixReferringAnnotations(deletee);
// XXX This could be wrong.
/* If this is a proxy we should only delete alarmas attached to the
* proxy - any attached to the underlying event should be left alone.
*/
// der.alarmsDeleted = deleteAlarms(deletee);
// sess.delete(sess.merge(deletee));
notifyDelete(reallyDelete, ev, shared);
if (reallyDelete) {
clearCollection(ev.getAttendees());
dao.delete(deletee);
} else {
tombstoneEvent(deletee);
}
der.eventDeleted = true;
stat(StatsEvent.deleteTime, startTime);
unindexEntity(ei);
return der;
}
use of org.bedework.calfacade.wrappers.CalendarWrapper in project bw-calendar-engine by Bedework.
the class CalintfImpl method reAttach.
@Override
public void reAttach(BwDbentity val) throws CalFacadeException {
if (val instanceof CalendarWrapper) {
final CalendarWrapper ccw = (CalendarWrapper) val;
val = ccw.fetchEntity();
}
sess.reAttach(val);
}
use of org.bedework.calfacade.wrappers.CalendarWrapper in project bw-calendar-engine by Bedework.
the class CoreCalendars method getCollection.
@Override
public BwCalendar getCollection(final String path) throws CalFacadeException {
if (path == null) {
return null;
}
BwCalendar col = colCache.get(path);
if (col != null) {
return col;
}
col = dao.getCollection(path);
if (col == null) {
if (path.equals("/")) {
// Fake a root collection
col = new BwCalendar();
col.setPath("/");
// Use this for owner/creator
final BwCalendar userRoot = getCollection(userCalendarRootPath);
if (userRoot == null) {
return null;
}
col.setOwnerHref(userRoot.getOwnerHref());
col.setCreatorHref(userRoot.getCreatorHref());
col.setAccess(Access.getDefaultPublicAccess());
} else if (!getPrincipal().getUnauthenticated()) {
/* Didn't find it. Is this a special collection we should create,
Only try this if authenticated.
*/
final GetSpecialCalendarResult gscr = getIfSpecial(getPrincipal(), path);
if (gscr == null) {
return null;
}
col = gscr.cal;
} else {
return null;
}
}
final CalendarWrapper wcol = wrap(col);
if (wcol != null) {
colCache.put(wcol);
}
return wcol;
}
Aggregations