
Example 16 with RepositoryFileAce

use of org.pentaho.platform.api.repository2.unified.RepositoryFileAce in project pentaho-platform by pentaho.

the class DefaultUnifiedRepositoryAuthorizationIT method testOwnership.

/**
 * Checks that the owner of a folder can still see it after another user, who holds all
 * permissions on the parent, has rewritten the folder's ACL.
 *
 * <p>Sequence: suzy grants tiffany {@code ALL} on suzy's home folder, suzy creates a folder in
 * it, tiffany replaces that folder's ACE list, and then both users must still be able to fetch
 * the folder by path.
 */
@Test
public void testOwnership() throws Exception {
    // Fixture: tenant with one admin and two users created without any role array.
    loginAsSysTenantAdmin();
    ITenant acme = tenantManager.createTenant(systemTenant, TENANT_ID_ACME, tenantAdminRoleName, tenantAuthenticatedRoleName, ANONYMOUS_ROLE_NAME);
    userRoleDao.createUser(acme, USERNAME_ADMIN, PASSWORD, "", new String[] { tenantAdminRoleName });
    login(USERNAME_ADMIN, acme, new String[] { tenantAdminRoleName, tenantAuthenticatedRoleName });
    userRoleDao.createUser(acme, USERNAME_SUZY, PASSWORD, "", null);
    userRoleDao.createUser(acme, USERNAME_TIFFANY, PASSWORD, "", null);

    // Step 1: suzy adds an ACE giving tiffany ALL on suzy's own home folder.
    login(USERNAME_SUZY, acme, new String[] { tenantAuthenticatedRoleName });
    final String homePath = ClientRepositoryPaths.getUserHomeFolderPath(PentahoSessionHolder.getSession().getName());
    RepositoryFile homeFolder = repo.getFile(homePath);
    RepositoryFileAcl homeAcl = repo.getAcl(homeFolder.getId());
    RepositoryFileAcl.Builder homeAclBuilder = new RepositoryFileAcl.Builder(homeAcl);
    RepositoryFileAcl homeAclWithTiffany = homeAclBuilder.ace(userNameUtils.getPrincipleId(acme, USERNAME_TIFFANY), RepositoryFileSid.Type.USER, RepositoryFilePermission.ALL).build();
    repo.updateAcl(homeAclWithTiffany);

    // Step 2: suzy creates a versioned folder "test" in her home; she must be recorded as owner.
    RepositoryFile folderSpec = new RepositoryFile.Builder("test").folder(true).versioned(true).build();
    final String createdFolderPath = homePath + RepositoryFile.SEPARATOR + "test";
    RepositoryFile createdFolder = repo.createFolder(homeFolder.getId(), folderSpec, null);
    RepositoryFileSid expectedOwner = new RepositoryFileSid(USERNAME_SUZY);
    assertEquals(expectedOwner, repo.getAcl(createdFolder.getId()).getOwner());

    // Step 3: tiffany rewrites the new folder's ACL with an ACE list that leaves suzy out.
    login(USERNAME_TIFFANY, acme, new String[] { tenantAuthenticatedRoleName });
    RepositoryFileAcl createdFolderAcl = repo.getAcl(createdFolder.getId());
    // NOTE(review): the ACEs being filtered come from the home folder's updated ACL, not from
    // createdFolderAcl, and the SID name is compared with the bare user name while tiffany's ACE
    // was added via userNameUtils.getPrincipleId(tenant, name). If SID names are tenant-qualified
    // this filter never matches anything - confirm against RepositoryFileSid.
    List<RepositoryFileAce> acesWithoutSuzy = new ArrayList<RepositoryFileAce>();
    for (RepositoryFileAce candidate : homeAclWithTiffany.getAces()) {
        boolean belongsToSuzy = candidate.getSid().getName().equals(USERNAME_SUZY);
        if (belongsToSuzy) {
            continue;
        }
        acesWithoutSuzy.add(candidate);
    }
    RepositoryFileAcl.Builder rewrittenAclBuilder = new RepositoryFileAcl.Builder(createdFolderAcl);
    RepositoryFileAcl rewrittenAcl = rewrittenAclBuilder.aces(acesWithoutSuzy).build();
    repo.updateAcl(rewrittenAcl);

    // Step 4: suzy is still the owner, so the folder must remain visible to her.
    // NOTE(review): only visibility through getFile is asserted; the test never has suzy call
    // updateAcl, so the owner's ability to restore her own ACE is not actually exercised.
    login(USERNAME_SUZY, acme, new String[] { tenantAuthenticatedRoleName });
    assertNotNull(repo.getFile(createdFolderPath));

    // Step 5: tiffany must still be able to fetch the folder as well.
    login(USERNAME_TIFFANY, acme, new String[] { tenantAuthenticatedRoleName });
    assertNotNull(repo.getFile(createdFolderPath));
}
Also used : RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) ITenant(org.pentaho.platform.api.mt.ITenant) RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) ArrayList(java.util.ArrayList) RepositoryFile(org.pentaho.platform.api.repository2.unified.RepositoryFile) Matchers.anyString(org.mockito.Matchers.anyString) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl) Test(org.junit.Test)

Example 17 with RepositoryFileAce

use of org.pentaho.platform.api.repository2.unified.RepositoryFileAce in project pentaho-platform by pentaho.

the class DefaultUnifiedRepositoryJaxwsWebServiceIT method testEverything.

/**
 * Smoke test that calls a long series of {@code repo} operations one after another while logged
 * in as a tenant admin (suzy). Every step works on the folders and files created by the steps
 * before it, so the statement order is part of the test.
 */
@Test
public void testEverything() throws Exception {
    // Fixture: the system admin creates the tenant and suzy (with the tenant admin role), then
    // the session is switched to suzy for the rest of the test.
    login(sysAdminUserName, systemTenant, new String[] { tenantAdminRoleName, tenantAuthenticatedRoleName });
    ITenant tenantAcme = tenantManager.createTenant(systemTenant, TENANT_ID_ACME, tenantAdminRoleName, tenantAuthenticatedRoleName, ANONYMOUS_ROLE_NAME);
    userRoleDao.createUser(tenantAcme, USERNAME_SUZY, PASSWORD, "", new String[] { tenantAdminRoleName });
    logout();
    login(USERNAME_SUZY, tenantAcme, new String[] { tenantAdminRoleName, tenantAuthenticatedRoleName });
    logger.info("getFile");
    // NOTE(review): the target "c:/build/testrepo_9" is hard-coded and Windows-style. Judging by
    // the class name this writes a dump of the repository to local disk, presumably as a
    // debugging aid - confirm it is still wanted, since such a dump may hold repository content.
    JcrRepositoryDumpToFile dumpToFile = new JcrRepositoryDumpToFile(testJcrTemplate, jcrTransactionTemplate, repositoryAdminUsername, "c:/build/testrepo_9", Mode.CUSTOM);
    dumpToFile.execute();
    // suzy's home folder must exist, be a folder, and be named after her.
    RepositoryFile f = repo.getFile(ClientRepositoryPaths.getUserHomeFolderPath(USERNAME_SUZY));
    assertNotNull(f.getId());
    assertEquals(ClientRepositoryPaths.getUserHomeFolderPath(USERNAME_SUZY), f.getPath());
    assertNotNull(f.getCreatedDate());
    assertEquals(USERNAME_SUZY, f.getName());
    assertTrue(f.isFolder());
    logger.info("getFileById");
    assertNotNull(repo.getFileById(f.getId()));
    logger.info("createFolder");
    RepositoryFile folder1 = repo.createFolder(f.getId(), new RepositoryFile.Builder("folder1").folder(true).build(), null);
    assertNotNull(folder1);
    assertEquals("folder1", folder1.getName());
    assertNotNull(folder1.getId());
    // Node-structured payload; the property assertions below must agree with what
    // makeNodeRepositoryFileData1() builds (defined outside this method).
    NodeRepositoryFileData data = makeNodeRepositoryFileData1();
    logger.info("createFile");
    RepositoryFile file1 = repo.createFile(folder1.getId(), new RepositoryFile.Builder("file1.whatever").versioned(true).build(), data, null);
    assertNotNull(file1);
    assertNotNull(file1.getId());
    logger.info("getDataForRead");
    NodeRepositoryFileData file1Data = repo.getDataForRead(file1.getId(), NodeRepositoryFileData.class);
    assertNotNull(file1Data);
    assertEquals("testNode", file1Data.getNode().getName());
    assertEquals("hello world", file1Data.getNode().getProperty("prop1").getString());
    assertEquals(false, file1Data.getNode().getProperty("prop2").getBoolean());
    assertEquals(DataPropertyType.BOOLEAN, file1Data.getNode().getProperty("prop2").getType());
    assertEquals(12L, file1Data.getNode().getProperty("prop3").getLong());
    logger.info("createFile (binary)");
    // Stream payload with an explicit encoding and MIME type; the version id of this first
    // revision is kept so the original content can be read back after the update below.
    SimpleRepositoryFileData simpleData = new SimpleRepositoryFileData(new ByteArrayInputStream("Hello World!".getBytes("UTF-8")), "UTF-8", "text/plain");
    RepositoryFile simpleFile = repo.createFile(folder1.getId(), new RepositoryFile.Builder("file2.whatever").versioned(true).build(), simpleData, null);
    Serializable simpleVersion = simpleFile.getVersionId();
    logger.info("getDataForRead (binary)");
    SimpleRepositoryFileData simpleFileData = repo.getDataForRead(simpleFile.getId(), SimpleRepositoryFileData.class);
    assertNotNull(simpleFileData);
    assertEquals("Hello World!", IOUtils.toString(simpleFileData.getInputStream(), simpleFileData.getEncoding()));
    assertEquals("text/plain", simpleFileData.getMimeType());
    assertEquals("UTF-8", simpleFileData.getEncoding());
    logger.info("updateFile (binary)");
    simpleData = new SimpleRepositoryFileData(new ByteArrayInputStream("Ciao World!".getBytes("UTF-8")), "UTF-8", "text/plain");
    simpleFile = repo.updateFile(simpleFile, simpleData, null);
    assertNotNull(simpleFile.getLastModifiedDate());
    logger.info("getDataForRead (binary)");
    simpleFileData = repo.getDataForRead(simpleFile.getId(), SimpleRepositoryFileData.class);
    assertNotNull(simpleFileData);
    assertEquals("Ciao World!", IOUtils.toString(simpleFileData.getInputStream(), simpleFileData.getEncoding()));
    logger.info("getDataForReadAtVersion (binary)");
    // Reading at the saved version id must return the content from before the update.
    simpleFileData = repo.getDataAtVersionForRead(simpleFile.getId(), simpleVersion, SimpleRepositoryFileData.class);
    assertNotNull(simpleFileData);
    assertEquals("Hello World!", IOUtils.toString(simpleFileData.getInputStream(), simpleFileData.getEncoding()));
    logger.info("getChildren");
    // folder1 holds the two files created above (file1.whatever and file2.whatever).
    List<RepositoryFile> folder1Children = repo.getChildren(new RepositoryRequest(String.valueOf(folder1.getId()), true, -1, null));
    assertNotNull(folder1Children);
    assertEquals(2, folder1Children.size());
    logger.info("getChildren");
    // Same request with the filter "*.sample": neither file name matches, so no children.
    List<RepositoryFile> folder1ChildrenFiltered = repo.getChildren(new RepositoryRequest(String.valueOf(folder1.getId()), true, -1, "*.sample"));
    assertNotNull(folder1ChildrenFiltered);
    assertEquals(0, folder1ChildrenFiltered.size());
    logger.info("getDeletedFiles");
    assertEquals(0, repo.getDeletedFiles().size());
    logger.info("deleteFile");
    repo.deleteFile(file1.getId(), null);
    logger.info("getDeletedFiles");
    // NOTE(review): the "*.sample" filter cannot match file1.whatever, so this assertion holds
    // whether or not the deletion was recorded; it does not verify the delete itself.
    assertEquals(0, repo.getDeletedFiles(folder1.getPath(), "*.sample").size());
    logger.info("hasAccess");
    // Authorization check: suzy is expected NOT to hold WRITE on "/pentaho", even though she
    // was created with the tenant admin role.
    assertFalse(repo.hasAccess("/pentaho", EnumSet.of(RepositoryFilePermission.WRITE)));
    logger.info("getEffectiveAces");
    // Exactly one effective ACE is expected on folder1 before its ACL is touched.
    List<RepositoryFileAce> folder1EffectiveAces = repo.getEffectiveAces(folder1.getId());
    assertEquals(1, folder1EffectiveAces.size());
    logger.info("getAcl");
    RepositoryFileAcl folder1Acl = repo.getAcl(folder1.getId());
    assertEquals(USERNAME_SUZY, folder1Acl.getOwner().getName());
    logger.info("updateAcl");
    // Turn inheritance off on folder1 and grant tiffany ALL; the ACL returned by updateAcl is
    // expected to contain exactly that one ACE.
    userRoleDao.createUser(tenantAcme, USERNAME_TIFFANY, PASSWORD, "", null);
    RepositoryFileAcl updatedFolder1Acl = repo.updateAcl(new RepositoryFileAcl.Builder(folder1Acl).entriesInheriting(false).ace(userNameUtils.getPrincipleId(tenantAcme, USERNAME_TIFFANY), RepositoryFileSid.Type.USER, RepositoryFilePermission.ALL).build());
    assertNotNull(updatedFolder1Acl);
    assertEquals(1, updatedFolder1Acl.getAces().size());
    logger.info("lockFile");
    // NOTE(review): file1 was passed to deleteFile above, yet its id is still used for the
    // lock, move, copy and version calls below - presumably deleteFile is a soft delete;
    // confirm. isLocked() here reads the object returned by createFile, not fresh state.
    assertFalse(file1.isLocked());
    repo.lockFile(file1.getId(), "I locked this file");
    logger.info("canUnlockFile");
    assertTrue(repo.canUnlockFile(file1.getId()));
    logger.info("unlockFile");
    repo.unlockFile(file1.getId());
    logger.info("moveFile");
    // The move target is <suzy home>/folder1, the folder file1 was originally created in.
    repo.moveFile(file1.getId(), ClientRepositoryPaths.getUserHomeFolderPath(USERNAME_SUZY) + "/folder1", null);
    logger.info("copyFile");
    repo.copyFile(file1.getId(), ClientRepositoryPaths.getUserHomeFolderPath(USERNAME_SUZY) + "/folder1/fileB.whatever", null);
    RepositoryFile copiedFile = repo.getFile(ClientRepositoryPaths.getUserHomeFolderPath(USERNAME_SUZY) + "/folder1/fileB.whatever");
    copiedFile = repo.updateFile(copiedFile, data, null);
    logger.info("getVersionSummaries");
    List<VersionSummary> versionSummaries = repo.getVersionSummaries(file1.getId());
    assertNotNull(versionSummaries);
    // copy doesn't increase version number
    assertTrue(versionSummaries.size() >= 1);
    // The first version summary must name suzy as author.
    assertEquals(USERNAME_SUZY, versionSummaries.get(0).getAuthor());
    logger.info("getVersionSummary");
    // A null version id is passed here; the summary that comes back must carry an id.
    VersionSummary versionSummary = repo.getVersionSummary(file1.getId(), null);
    assertNotNull(versionSummary);
    assertNotNull(versionSummary.getId());
    logger.info("getFileAtVersion");
    RepositoryFile file1AtVersion = repo.getFileAtVersion(file1.getId(), versionSummary.getId());
    assertNotNull(file1AtVersion);
    assertEquals(versionSummary.getId(), file1AtVersion.getVersionId());
    logger.info("getTree");
    RepositoryFileTree tree = repo.getTree(new RepositoryRequest(ClientRepositoryPaths.getRootFolderPath(), true, -1, null));
    assertNotNull(tree.getFile().getId());
    logger.info("getDataForReadInBatch");
    // The batch calls must return one result per file passed in.
    List<NodeRepositoryFileData> result = repo.getDataForReadInBatch(Arrays.asList(file1, copiedFile), NodeRepositoryFileData.class);
    assertEquals(2, result.size());
    logger.info("getVersionSummaryInBatch");
    List<VersionSummary> vResult = repo.getVersionSummaryInBatch(Arrays.asList(file1, simpleFile));
    assertEquals(2, vResult.size());
    logger.info("getReservedChars");
    assertFalse(repo.getReservedChars().isEmpty());
}
Also used : Serializable(java.io.Serializable) RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) RepositoryFileTree(org.pentaho.platform.api.repository2.unified.RepositoryFileTree) ITenant(org.pentaho.platform.api.mt.ITenant) SimpleRepositoryFileData(org.pentaho.platform.api.repository2.unified.data.simple.SimpleRepositoryFileData) ByteArrayInputStream(java.io.ByteArrayInputStream) NodeRepositoryFileData(org.pentaho.platform.api.repository2.unified.data.node.NodeRepositoryFileData) VersionSummary(org.pentaho.platform.api.repository2.unified.VersionSummary) JcrRepositoryDumpToFile(org.pentaho.platform.repository2.unified.jcr.JcrRepositoryDumpToFile) RepositoryFile(org.pentaho.platform.api.repository2.unified.RepositoryFile) RepositoryRequest(org.pentaho.platform.api.repository2.unified.RepositoryRequest) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl) Test(org.junit.Test)

Example 18 with RepositoryFileAce

use of org.pentaho.platform.api.repository2.unified.RepositoryFileAce in project pentaho-platform by pentaho.

the class JcrRepositoryFileAclDao method getEffectiveAces.

// ~ Methods
// =========================================================================================================
/**
 * {@inheritDoc}
 */
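@SuppressWarnings("unchecked")
public List<RepositoryFileAce> getEffectiveAces(final Serializable id, final boolean forceEntriesInheriting) {
    // Returns the ACEs of the first effective access control list that is not marked as
    // inheriting, starting at the node with the given id (or at its parent when
    // forceEntriesInheriting is true). If every list is inheriting, the last policy in the
    // array is used.
    //
    // Security caveat: entries whose principal is the tenant admin role are left out of the
    // result, so the returned list is not the complete set of principals that hold access.
    // NOTE(review): callers should not use it as the only input to an authorization decision.
    return (List<RepositoryFileAce>) jcrTemplate.execute(new JcrCallback() {

        public Object doInJcr(final Session session) throws RepositoryException, IOException {
            Node node = session.getNodeByIdentifier(id.toString());
            // Defensive: the JCR API signals an unknown identifier with ItemNotFoundException
            // rather than null, so this branch is not expected to run.
            if (node == null) {
                throw new RepositoryException(Messages.getInstance().getString("JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND", // $NON-NLS-1$
                id.toString()));
            }
            // consult the parent node's effective policy if force is true and parent is not null;
            // the node resolved above is reused instead of being looked up a second time
            if (forceEntriesInheriting && node.getParent() != null) {
                node = node.getParent();
            }
            String absPath = node.getPath();
            AccessControlPolicy[] acPolicies = session.getAccessControlManager().getEffectivePolicies(absPath);
            // Fail with a clear message instead of an index error in the fallback below.
            Assert.isTrue(acPolicies.length > 0, "no effective access control policy for " + absPath);
            // logic assumes policies are ordered from leaf to root; with any other order a
            // different list would be reported as the effective one
            for (AccessControlPolicy policy : acPolicies) {
                Assert.isTrue(policy instanceof AccessControlList);
                AccessControlList acList = ((AccessControlList) policy);
                // NOTE(review): absPath is the starting node's path for every policy in the
                // chain, not the path the policy is bound to - confirm isEntriesInheriting
                // reads the flag from acList and not from the path.
                if (!isEntriesInheriting(session, absPath, acList)) {
                    return collectReportedAces(session, acList);
                }
            }
            // none are entriesInheriting=false so root aces are the effective aces; the loop
            // above has already checked that every policy is an AccessControlList
            return collectReportedAces(session, (AccessControlList) acPolicies[acPolicies.length - 1]);
        }

        // Converts the entries of one access control list to ACEs, after removing ACL metadata
        // entries and skipping entries that belong to the tenant admin role.
        private List<RepositoryFileAce> collectReportedAces(final Session session, final AccessControlList acList) throws RepositoryException, IOException {
            List<RepositoryFileAce> aces = new ArrayList<RepositoryFileAce>();
            AccessControlEntry[] acEntries = acList.getAccessControlEntries();
            List<AccessControlEntry> cleanedAcEntries = JcrRepositoryFileAclUtils.removeAclMetadata(Arrays.asList(acEntries));
            for (AccessControlEntry acEntry : cleanedAcEntries) {
                if (!acEntry.getPrincipal().equals(new SpringSecurityRolePrincipal(JcrTenantUtils.getTenantedRole(tenantAdminAuthorityName)))) {
                    aces.add(toAce(session, acEntry));
                }
            }
            return aces;
        }
    });
}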
Also used : AccessControlList(javax.jcr.security.AccessControlList) AccessControlPolicy(javax.jcr.security.AccessControlPolicy) RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) Node(javax.jcr.Node) ArrayList(java.util.ArrayList) AccessControlEntry(javax.jcr.security.AccessControlEntry) RepositoryException(javax.jcr.RepositoryException) JcrCallback(org.springframework.extensions.jcr.JcrCallback) SpringSecurityRolePrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityRolePrincipal) ArrayList(java.util.ArrayList) AccessControlList(javax.jcr.security.AccessControlList) List(java.util.List) Session(javax.jcr.Session)

Example 19 with RepositoryFileAce

use of org.pentaho.platform.api.repository2.unified.RepositoryFileAce in project pentaho-platform by pentaho.

the class JcrRepositoryFileAclUtils method internalUpdateAcl.

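/**
 * Replaces the access control list of the node identified by {@code fileId} with the owner,
 * inheritance flag and entries of {@code acl}, saves the session, and returns the ACL as read
 * back from the repository.
 *
 * <p>The update is a full replacement: every existing entry is removed first. When
 * {@code acl} is marked as inheriting, none of its ACEs are written, so switching a node to
 * inheriting drops all of its explicit entries.
 *
 * @param session JCR session used for the lookup, the policy change and the save
 * @param pentahoJcrConstants passed through to {@code getAcl} when reading the result back
 * @param fileId identifier of the node whose ACL is replaced
 * @param acl the new owner, inheritance flag and ACEs
 * @return the ACL returned by {@code getAcl} after the save
 * @throws RepositoryException if the repository reports an error
 */
private static RepositoryFileAcl internalUpdateAcl(final Session session, final PentahoJcrConstants pentahoJcrConstants, final Serializable fileId, final RepositoryFileAcl acl) throws RepositoryException {
    Node node = session.getNodeByIdentifier(fileId.toString());
    // Defensive: the JCR API signals an unknown identifier with ItemNotFoundException rather
    // than null, so this branch is not expected to run.
    if (node == null) {
        // $NON-NLS-1$
        throw new RepositoryException("Node not found");
    }
    String absPath = node.getPath();
    AccessControlManager acMgr = session.getAccessControlManager();
    AccessControlList acList = getAccessControlList(acMgr, absPath);
    // clear all entries
    for (AccessControlEntry existingEntry : acList.getAccessControlEntries()) {
        acList.removeAccessControlEntry(existingEntry);
    }
    // NOTE(review): nothing here rolls back if a later call throws before setPolicy/save;
    // presumably the caller's transaction handling discards the pending changes - confirm.
    JcrRepositoryFileAclUtils.setAclMetadata(session, absPath, acList, new AclMetadata(acl.getOwner().getName(), acl.isEntriesInheriting()));
    // add entries to now empty list but only if not inheriting; force user to start with clean slate
    if (!acl.isEntriesInheriting()) {
        // One helper per call is enough; it only depends on the session.
        IPermissionConversionHelper permissionConversionHelper = new DefaultPermissionConversionHelper(session);
        for (RepositoryFileAce ace : acl.getAces()) {
            // Any SID type other than ROLE is written as a user principal.
            final Principal principal;
            if (RepositoryFileSid.Type.ROLE == ace.getSid().getType()) {
                principal = new SpringSecurityRolePrincipal(JcrTenantUtils.getTenantedRole(ace.getSid().getName()));
            } else {
                principal = new SpringSecurityUserPrincipal(JcrTenantUtils.getTenantedUser(ace.getSid().getName()));
            }
            acList.addAccessControlEntry(principal, permissionConversionHelper.pentahoPermissionsToPrivileges(session, ace.getPermissions()));
        }
    }
    // The modified list only takes effect once it is bound to the path and the session is saved.
    acMgr.setPolicy(absPath, acList);
    session.save();
    return getAcl(session, pentahoJcrConstants, fileId);
}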
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) Node(javax.jcr.Node) AclMetadata(org.pentaho.platform.repository2.unified.jcr.IAclMetadataStrategy.AclMetadata) AccessControlEntry(javax.jcr.security.AccessControlEntry) RepositoryException(javax.jcr.RepositoryException) IPermissionConversionHelper(org.pentaho.platform.repository2.unified.jcr.JcrRepositoryFileAclDao.IPermissionConversionHelper) SpringSecurityRolePrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityRolePrincipal) SpringSecurityRolePrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityRolePrincipal) SpringSecurityUserPrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityUserPrincipal) Principal(java.security.Principal) SpringSecurityUserPrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityUserPrincipal)

Aggregations

RepositoryFileAce (org.pentaho.platform.api.repository2.unified.RepositoryFileAce)19 RepositoryFileAcl (org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)11 RepositoryFileSid (org.pentaho.platform.api.repository2.unified.RepositoryFileSid)9 ArrayList (java.util.ArrayList)7 Test (org.junit.Test)5 ITenant (org.pentaho.platform.api.mt.ITenant)5 RepositoryFile (org.pentaho.platform.api.repository2.unified.RepositoryFile)5 RepositoryFilePermission (org.pentaho.platform.api.repository2.unified.RepositoryFilePermission)5 SpringSecurityRolePrincipal (org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityRolePrincipal)5 Principal (java.security.Principal)4 SpringSecurityUserPrincipal (org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityUserPrincipal)4 Node (javax.jcr.Node)3 RepositoryException (javax.jcr.RepositoryException)3 AccessControlEntry (javax.jcr.security.AccessControlEntry)3 AccessControlList (javax.jcr.security.AccessControlList)3 AccessControlManager (javax.jcr.security.AccessControlManager)2 Privilege (javax.jcr.security.Privilege)2 EntityAcl (org.pentaho.platform.plugin.services.importexport.exportManifest.bindings.EntityAcl)2 AclMetadata (org.pentaho.platform.repository2.unified.jcr.IAclMetadataStrategy.AclMetadata)2 IPermissionConversionHelper (org.pentaho.platform.repository2.unified.jcr.JcrRepositoryFileAclDao.IPermissionConversionHelper)2