
Example 1 with RepositoryFileAce

use of org.pentaho.platform.api.repository2.unified.RepositoryFileAce in project pentaho-kettle by pentaho.

the class UnifiedRepositoryConnectionAclService method getAcl.

/**
 * Translates the repository ACL of a file into the client-side {@link ObjectAcl} model.
 *
 * <p>The owner and every access-control entry are copied into new recipient/ACE objects. A SID is
 * mapped to {@code Type.USER} when its type is {@code RepositoryFileSid.Type.USER} and to
 * {@code Type.ROLE} for every other SID type.
 *
 * @param fileId identifier of the repository file whose ACL is requested
 * @param forceParentInheriting when {@code true}, the result is marked as inheriting and its
 *     entries come from {@code pur.getEffectiveAces(id, true)}, regardless of the stored
 *     inheritance flag
 * @return a new {@link ObjectAcl} carrying the owner, the inheritance flag and the entries
 * @throws KettleException wrapping any exception raised while fetching the ACL
 */
@Override
public ObjectAcl getAcl(ObjectId fileId, boolean forceParentInheriting) throws KettleException {
    final RepositoryFileAcl repoAcl;
    try {
        repoAcl = pur.getAcl(fileId.getId());
    } catch (Exception e) {
        // Any exception from the lookup lands here, so a denied read cannot be told apart from
        // other repository failures; the cause is preserved in the wrapper.
        throw new KettleException(e);
    }
    // NOTE(review): repoAcl is dereferenced without a null check; confirm pur.getAcl never
    // returns null for an id the caller may pass.
    final RepositoryFileSid ownerSid = repoAcl.getOwner();
    final ObjectRecipient owner = new RepositoryObjectRecipient(ownerSid.getName());
    owner.setType(ownerSid.getType().equals(RepositoryFileSid.Type.USER) ? Type.USER : Type.ROLE);

    final ObjectAcl result = new RepositoryObjectAcl(owner);
    final List<RepositoryFileAce> sourceAces;
    if (forceParentInheriting) {
        // Caller asked for the inherited view: report inheriting and use the forced overload.
        result.setEntriesInheriting(true);
        sourceAces = pur.getEffectiveAces(repoAcl.getId(), true);
    } else {
        final boolean inheriting = repoAcl.isEntriesInheriting();
        result.setEntriesInheriting(inheriting);
        if (inheriting) {
            sourceAces = pur.getEffectiveAces(repoAcl.getId());
        } else {
            // Not inheriting: only the entries stored on the ACL itself apply.
            sourceAces = repoAcl.getAces();
        }
    }

    final List<ObjectAce> converted = new ArrayList<ObjectAce>();
    for (RepositoryFileAce sourceAce : sourceAces) {
        // Copy the permissions so the returned model does not share the repository's set.
        final EnumSet<RepositoryFilePermission> copied = EnumSet.noneOf(RepositoryFilePermission.class);
        copied.addAll(sourceAce.getPermissions());

        final RepositoryFileSid recipientSid = sourceAce.getSid();
        final ObjectRecipient recipient = new RepositoryObjectRecipient(recipientSid.getName());
        recipient.setType(recipientSid.getType().equals(RepositoryFileSid.Type.USER) ? Type.USER : Type.ROLE);

        converted.add(new RepositoryObjectAce(recipient, copied));
    }
    result.setAces(converted);
    return result;
}
Also used : KettleException(org.pentaho.di.core.exception.KettleException) RepositoryObjectAcl(org.pentaho.di.repository.pur.model.RepositoryObjectAcl) ObjectAcl(org.pentaho.di.repository.pur.model.ObjectAcl) RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) ObjectRecipient(org.pentaho.di.repository.ObjectRecipient) RepositoryObjectRecipient(org.pentaho.di.repository.pur.model.RepositoryObjectRecipient) ArrayList(java.util.ArrayList) ObjectAce(org.pentaho.di.repository.pur.model.ObjectAce) RepositoryObjectAce(org.pentaho.di.repository.pur.model.RepositoryObjectAce) RepositoryObjectAce(org.pentaho.di.repository.pur.model.RepositoryObjectAce) KettleException(org.pentaho.di.core.exception.KettleException) RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) RepositoryObjectAcl(org.pentaho.di.repository.pur.model.RepositoryObjectAcl) RepositoryObjectRecipient(org.pentaho.di.repository.pur.model.RepositoryObjectRecipient) RepositoryFilePermission(org.pentaho.platform.api.repository2.unified.RepositoryFilePermission) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)

Example 2 with RepositoryFileAce

use of org.pentaho.platform.api.repository2.unified.RepositoryFileAce in project pentaho-platform by pentaho.

the class ExportManifestEntity method getRepositoryFileAcl.

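/**
 * Helper method for importing. Builds a {@link RepositoryFileAcl} from the {@code EntityAcl} of
 * this ExportManifestEntity.
 *
 * <p>Owner, recipients and permissions are read from the manifest as strings and converted with
 * {@code getSid} and {@code getPermission}. An entry that lists no permissions yields an ACE with
 * an empty permission set.
 *
 * <p>NOTE(review): nothing in this method restricts which owner, recipients or permissions the
 * manifest may name; confirm the import path authorizes the caller before the result is applied.
 *
 * @return the ACL described by the manifest entry, created with an empty id, or {@code null} if
 *     there is no EntityAcl present
 * @throws ExportManifestFormatException declared for the manifest conversions; presumably raised
 *     by {@code getSid} or {@code getPermission} on unrecognised values (confirm against those
 *     helpers)
 */
public RepositoryFileAcl getRepositoryFileAcl() throws ExportManifestFormatException {
    EntityAcl entityAcl = getEntityAcl();
    if (entityAcl == null) {
        return null;
    }
    ArrayList<RepositoryFileAce> repositoryFileAces = new ArrayList<RepositoryFileAce>();
    for (EntityAcl.Aces ace : entityAcl.getAces()) {
        RepositoryFileSid recipient = getSid(ace.getRecipient(), ace.getRecipientType());
        // Accumulate straight into an EnumSet. EnumSet.copyOf(Collection) throws
        // IllegalArgumentException for an empty non-EnumSet collection, so an entry without
        // permissions used to abort the conversion with an unchecked exception.
        EnumSet<RepositoryFilePermission> permissionSet = EnumSet.noneOf(RepositoryFilePermission.class);
        for (String permission : ace.getPermissions()) {
            permissionSet.add(getPermission(permission));
        }
        repositoryFileAces.add(new RepositoryFileAce(recipient, permissionSet));
    }
    // The ACL is created with an empty id, exactly as before.
    return new RepositoryFileAcl("", getSid(entityAcl.getOwner(), entityAcl.getOwnerType()),
            entityAcl.isEntriesInheriting(), repositoryFileAces);
}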
Also used : RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) ArrayList(java.util.ArrayList) RepositoryFilePermission(org.pentaho.platform.api.repository2.unified.RepositoryFilePermission) EntityAcl(org.pentaho.platform.plugin.services.importexport.exportManifest.bindings.EntityAcl) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl) HashSet(java.util.HashSet)

Example 3 with RepositoryFileAce

use of org.pentaho.platform.api.repository2.unified.RepositoryFileAce in project pentaho-platform by pentaho.

the class ExportManifestEntity method createEntityAcl.

/**
 * Populates this entity's {@code entityAcl} field from a repository ACL.
 *
 * <p>Owner and recipient names are passed through
 * {@code DefaultTenantedPrincipleNameResolver.getPrincipleName}; SID types are stored by enum
 * name and permissions by their {@code toString()} value. A {@code null} argument leaves the
 * field untouched.
 *
 * @param repositoryFileAcl the ACL to convert, may be {@code null}
 */
private void createEntityAcl(RepositoryFileAcl repositoryFileAcl) {
    DefaultTenantedPrincipleNameResolver resolver = new DefaultTenantedPrincipleNameResolver();
    if (repositoryFileAcl == null) {
        return;
    }

    EntityAcl target = new EntityAcl();
    // Publish to the field before filling it in, as the original did.
    entityAcl = target;
    target.setEntriesInheriting(repositoryFileAcl.isEntriesInheriting());
    target.setOwner(resolver.getPrincipleName(repositoryFileAcl.getOwner().getName()));
    target.setOwnerType(repositoryFileAcl.getOwner().getType().name());

    List<EntityAcl.Aces> targetAces = target.getAces();
    targetAces.clear();
    for (RepositoryFileAce sourceAce : repositoryFileAcl.getAces()) {
        EntityAcl.Aces converted = new EntityAcl.Aces();
        converted.setRecipient(resolver.getPrincipleName(sourceAce.getSid().getName()));
        converted.setRecipientType(sourceAce.getSid().getType().name());

        // getPermissions() hands back the entry's own list, which is filled in place.
        List<String> names = converted.getPermissions();
        for (RepositoryFilePermission granted : sourceAce.getPermissions()) {
            names.add(granted.toString());
        }
        targetAces.add(converted);
    }
}
Also used : RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) RepositoryFilePermission(org.pentaho.platform.api.repository2.unified.RepositoryFilePermission) DefaultTenantedPrincipleNameResolver(org.pentaho.platform.security.userroledao.DefaultTenantedPrincipleNameResolver) EntityAcl(org.pentaho.platform.plugin.services.importexport.exportManifest.bindings.EntityAcl)

Example 4 with RepositoryFileAce

use of org.pentaho.platform.api.repository2.unified.RepositoryFileAce in project pentaho-platform by pentaho.

the class MockUnifiedRepository method hasAccess.

/**
 * Decides whether the current user holds all of the requested permissions on a file.
 *
 * <p>Access is granted when the current user is the file's USER-type owner, or when a single
 * effective ACE contains every requested permission and its SID is the everyone SID, the current
 * user, or one of the current user's roles. Permissions are never combined across ACEs: each
 * entry is tested on its own with {@code containsAll}.
 *
 * @param fileId id of the file to check
 * @param permissions the permissions that must all be held
 * @return {@code true} if access is granted, {@code false} otherwise
 */
private boolean hasAccess(final Serializable fileId, final EnumSet<RepositoryFilePermission> permissions) {
    final String currentUser = currentUserProvider.getUser();
    final List<String> currentRoles = currentUserProvider.getRoles();
    final RepositoryFileAcl fileAcl = idManager.getFileById(fileId).getAcl();

    // The owner shortcut applies only to USER-type owners; a ROLE owner goes through the ACEs.
    final boolean ownedByCurrentUser =
            fileAcl.getOwner().getType() == USER && fileAcl.getOwner().getName().equals(currentUser);
    if (ownedByCurrentUser) {
        return true;
    }

    for (RepositoryFileAce entry : internalGetEffectiveAces(fileId)) {
        // Special everyone SID, or a direct match on the user name.
        if ((entry.getSid().equals(everyone()) && entry.getPermissions().containsAll(permissions))
                || (entry.getSid().getType() == USER
                        && entry.getSid().getName().equals(currentUser)
                        && entry.getPermissions().containsAll(permissions))) {
            return true;
        }
        // Otherwise the entry may name one of the user's roles.
        for (String roleName : currentRoles) {
            if (entry.getSid().getType() == ROLE
                    && entry.getSid().getName().equals(roleName)
                    && entry.getPermissions().containsAll(permissions)) {
                return true;
            }
        }
    }
    // No owner match and no single ACE covering the request: deny.
    return false;
}
Also used : RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)

Example 5 with RepositoryFileAce

use of org.pentaho.platform.api.repository2.unified.RepositoryFileAce in project pentaho-platform by pentaho.

the class ExportManifestTest method createMockAce.

/**
 * Builds a {@link RepositoryFileAce} for tests from a recipient and one or more permissions.
 *
 * @param recipientName name of the SID the entry applies to
 * @param recipientType name of a {@code RepositoryFileSid.Type} constant;
 *     {@code Enum.valueOf} rejects any other value with {@code IllegalArgumentException}
 * @param first the first permission granted by the entry
 * @param rest any further permissions granted by the entry
 * @return the new access-control entry
 */
private RepositoryFileAce createMockAce(String recipientName, String recipientType, RepositoryFilePermission first, RepositoryFilePermission... rest) {
    final RepositoryFileSid sid =
            new RepositoryFileSid(recipientName, RepositoryFileSid.Type.valueOf(recipientType));
    final EnumSet<RepositoryFilePermission> granted = EnumSet.of(first, rest);
    return new RepositoryFileAce(sid, granted);
}
Also used : RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce)
