Example 1 with RepositoryFileAce
use of org.pentaho.platform.api.repository2.unified.RepositoryFileAce in project pentaho-kettle by pentaho.
the class UnifiedRepositoryConnectionAclService method getAcl.
@Override
public ObjectAcl getAcl(ObjectId fileId, boolean forceParentInheriting) throws KettleException {
RepositoryFileAcl acl = null;
try {
acl = pur.getAcl(fileId.getId());
} catch (Exception drfe) {
// The user does not have rights to view the acl information.
throw new KettleException(drfe);
}
RepositoryFileSid sid = acl.getOwner();
ObjectRecipient owner = new RepositoryObjectRecipient(sid.getName());
if (sid.getType().equals(RepositoryFileSid.Type.USER)) {
owner.setType(Type.USER);
} else {
owner.setType(Type.ROLE);
}
ObjectAcl objectAcl = new RepositoryObjectAcl(owner);
List<RepositoryFileAce> aces;
if (forceParentInheriting) {
objectAcl.setEntriesInheriting(true);
aces = pur.getEffectiveAces(acl.getId(), true);
} else {
objectAcl.setEntriesInheriting(acl.isEntriesInheriting());
aces = (acl.isEntriesInheriting()) ? pur.getEffectiveAces(acl.getId()) : acl.getAces();
}
List<ObjectAce> objectAces = new ArrayList<ObjectAce>();
for (RepositoryFileAce ace : aces) {
EnumSet<RepositoryFilePermission> permissions = ace.getPermissions();
EnumSet<RepositoryFilePermission> permissionSet = EnumSet.noneOf(RepositoryFilePermission.class);
RepositoryFileSid aceSid = ace.getSid();
ObjectRecipient recipient = new RepositoryObjectRecipient(aceSid.getName());
if (aceSid.getType().equals(RepositoryFileSid.Type.USER)) {
recipient.setType(Type.USER);
} else {
recipient.setType(Type.ROLE);
}
permissionSet.addAll(permissions);
objectAces.add(new RepositoryObjectAce(recipient, permissionSet));
}
objectAcl.setAces(objectAces);
return objectAcl;
}
Also used :
KettleException(org.pentaho.di.core.exception.KettleException)
RepositoryObjectAcl(org.pentaho.di.repository.pur.model.RepositoryObjectAcl)
ObjectAcl(org.pentaho.di.repository.pur.model.ObjectAcl)
RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce)
ObjectRecipient(org.pentaho.di.repository.ObjectRecipient)
RepositoryObjectRecipient(org.pentaho.di.repository.pur.model.RepositoryObjectRecipient)
ArrayList(java.util.ArrayList)
ObjectAce(org.pentaho.di.repository.pur.model.ObjectAce)
RepositoryObjectAce(org.pentaho.di.repository.pur.model.RepositoryObjectAce)
RepositoryObjectAce(org.pentaho.di.repository.pur.model.RepositoryObjectAce)
KettleException(org.pentaho.di.core.exception.KettleException)
RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid)
RepositoryObjectAcl(org.pentaho.di.repository.pur.model.RepositoryObjectAcl)
RepositoryObjectRecipient(org.pentaho.di.repository.pur.model.RepositoryObjectRecipient)
RepositoryFilePermission(org.pentaho.platform.api.repository2.unified.RepositoryFilePermission)
RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)
Example 2 with RepositoryFileAce
use of org.pentaho.platform.api.repository2.unified.RepositoryFileAce in project pentaho-platform by pentaho.
the class ExportManifestEntity method getRepositoryFileAcl.
/**
* Helper method for importing. Returns a FileRepositoryAcl object for the the ExportManifestEntity. Will return null
* if there is no EntityAcl present.
*
* @return RepositoryFile
*/
public RepositoryFileAcl getRepositoryFileAcl() throws ExportManifestFormatException {
RepositoryFileAcl repositoryFileAcl;
EntityAcl entityAcl = getEntityAcl();
if (entityAcl == null) {
return null;
}
ArrayList<RepositoryFileAce> repositoryFileAces = new ArrayList<RepositoryFileAce>();
RepositoryFileSid rfs;
for (EntityAcl.Aces ace : entityAcl.getAces()) {
rfs = getSid(ace.getRecipient(), ace.getRecipientType());
HashSet<RepositoryFilePermission> permissionSet = new HashSet<RepositoryFilePermission>();
for (String permission : ace.getPermissions()) {
permissionSet.add(getPermission(permission));
}
RepositoryFileAce repositoryFileAce = new RepositoryFileAce(rfs, EnumSet.copyOf(permissionSet));
repositoryFileAces.add(repositoryFileAce);
}
repositoryFileAcl = new RepositoryFileAcl("", getSid(entityAcl.getOwner(), entityAcl.getOwnerType()), entityAcl.isEntriesInheriting(), repositoryFileAces);
return repositoryFileAcl;
}
Also used :
RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid)
RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce)
ArrayList(java.util.ArrayList)
RepositoryFilePermission(org.pentaho.platform.api.repository2.unified.RepositoryFilePermission)
EntityAcl(org.pentaho.platform.plugin.services.importexport.exportManifest.bindings.EntityAcl)
RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)
HashSet(java.util.HashSet)
Example 3 with RepositoryFileAce
use of org.pentaho.platform.api.repository2.unified.RepositoryFileAce in project pentaho-platform by pentaho.
the class ExportManifestEntity method createEntityAcl.
private void createEntityAcl(RepositoryFileAcl repositoryFileAcl) {
DefaultTenantedPrincipleNameResolver nameResolver = new DefaultTenantedPrincipleNameResolver();
if (repositoryFileAcl == null) {
return;
}
entityAcl = new EntityAcl();
entityAcl.setEntriesInheriting(repositoryFileAcl.isEntriesInheriting());
entityAcl.setOwner(nameResolver.getPrincipleName(repositoryFileAcl.getOwner().getName()));
entityAcl.setOwnerType(repositoryFileAcl.getOwner().getType().name());
List<EntityAcl.Aces> aces = entityAcl.getAces();
aces.clear();
for (RepositoryFileAce repositoryFileAce : repositoryFileAcl.getAces()) {
EntityAcl.Aces ace = new EntityAcl.Aces();
ace.setRecipient(nameResolver.getPrincipleName(repositoryFileAce.getSid().getName()));
ace.setRecipientType(repositoryFileAce.getSid().getType().name());
List<String> permissions = ace.getPermissions();
for (RepositoryFilePermission permission : repositoryFileAce.getPermissions()) {
permissions.add(permission.toString());
}
aces.add(ace);
}
}
Also used :
RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce)
RepositoryFilePermission(org.pentaho.platform.api.repository2.unified.RepositoryFilePermission)
DefaultTenantedPrincipleNameResolver(org.pentaho.platform.security.userroledao.DefaultTenantedPrincipleNameResolver)
EntityAcl(org.pentaho.platform.plugin.services.importexport.exportManifest.bindings.EntityAcl)
Example 4 with RepositoryFileAce
use of org.pentaho.platform.api.repository2.unified.RepositoryFileAce in project pentaho-platform by pentaho.
the class MockUnifiedRepository method hasAccess.
private boolean hasAccess(final Serializable fileId, final EnumSet<RepositoryFilePermission> permissions) {
String username = currentUserProvider.getUser();
List<String> roles = currentUserProvider.getRoles();
RepositoryFileAcl acl = idManager.getFileById(fileId).getAcl();
if (acl.getOwner().getType() == USER && acl.getOwner().getName().equals(username)) {
// owner can do anything
return true;
}
List<RepositoryFileAce> aces = internalGetEffectiveAces(fileId);
for (RepositoryFileAce ace : aces) {
if (ace.getSid().equals(everyone()) && ace.getPermissions().containsAll(permissions)) {
// match special everyone role
return true;
} else if (ace.getSid().getType() == USER && ace.getSid().getName().equals(username) && ace.getPermissions().containsAll(permissions)) {
// match on user
return true;
}
for (String role : roles) {
if (ace.getSid().getType() == ROLE && ace.getSid().getName().equals(role) && ace.getPermissions().containsAll(permissions)) {
// match on role
return true;
}
}
}
return false;
}
Also used :
RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce)
RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)
Example 5 with RepositoryFileAce
use of org.pentaho.platform.api.repository2.unified.RepositoryFileAce in project pentaho-platform by pentaho.
the class ExportManifestTest method createMockAce.
private RepositoryFileAce createMockAce(String recipientName, String recipientType, RepositoryFilePermission first, RepositoryFilePermission... rest) {
RepositoryFileSid.Type type = RepositoryFileSid.Type.valueOf(recipientType);
RepositoryFileSid recipient = new RepositoryFileSid(recipientName, type);
return new RepositoryFileAce(recipient, EnumSet.of(first, rest));
}
Also used :
RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid)
RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce)
Aggregations
RepositoryFileAce (org.pentaho.platform.api.repository2.unified.RepositoryFileAce)19
RepositoryFileAcl (org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)11
RepositoryFileSid (org.pentaho.platform.api.repository2.unified.RepositoryFileSid)9
ArrayList (java.util.ArrayList)7
Test (org.junit.Test)5
ITenant (org.pentaho.platform.api.mt.ITenant)5
RepositoryFile (org.pentaho.platform.api.repository2.unified.RepositoryFile)5
RepositoryFilePermission (org.pentaho.platform.api.repository2.unified.RepositoryFilePermission)5
SpringSecurityRolePrincipal (org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityRolePrincipal)5
Principal (java.security.Principal)4
SpringSecurityUserPrincipal (org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityUserPrincipal)4
Node (javax.jcr.Node)3
RepositoryException (javax.jcr.RepositoryException)3
AccessControlEntry (javax.jcr.security.AccessControlEntry)3
AccessControlList (javax.jcr.security.AccessControlList)3
AccessControlManager (javax.jcr.security.AccessControlManager)2
Privilege (javax.jcr.security.Privilege)2
EntityAcl (org.pentaho.platform.plugin.services.importexport.exportManifest.bindings.EntityAcl)2
AclMetadata (org.pentaho.platform.repository2.unified.jcr.IAclMetadataStrategy.AclMetadata)2
IPermissionConversionHelper (org.pentaho.platform.repository2.unified.jcr.JcrRepositoryFileAclDao.IPermissionConversionHelper)2
