
Example 1 with RepositoryFilePermission

use of org.pentaho.platform.api.repository2.unified.RepositoryFilePermission in project pentaho-kettle by pentaho.

the class UnifiedRepositoryConnectionAclService method getAcl.

/**
 * Loads the ACL of a repository object and converts it to the client-side {@link ObjectAcl} model.
 *
 * <p>The owner and each entry's recipient become {@code Type.USER} when the repository SID type is
 * {@code RepositoryFileSid.Type.USER}; every other SID type is reported as {@code Type.ROLE}.
 *
 * @param fileId id of the repository object whose ACL is read
 * @param forceParentInheriting when {@code true} the result is flagged as inheriting and is filled from
 *        {@code pur.getEffectiveAces(id, true)}, whatever the stored ACL's own inheritance flag says
 * @return the converted ACL; each entry carries its own copy of the permission set
 * @throws KettleException if loading the stored ACL throws any exception
 */
@Override
public ObjectAcl getAcl(ObjectId fileId, boolean forceParentInheriting) throws KettleException {
    final RepositoryFileAcl storedAcl;
    try {
        storedAcl = pur.getAcl(fileId.getId());
    } catch (Exception cause) {
        // Every failure is wrapped here, not only an access-denied one, so callers cannot
        // tell "no right to view the ACL" apart from other errors by exception type alone.
        throw new KettleException(cause);
    }

    // NOTE(review): assumes pur.getAcl never returns null; a null would surface as an NPE below - confirm.
    RepositoryFileSid ownerSid = storedAcl.getOwner();
    ObjectRecipient owner = new RepositoryObjectRecipient(ownerSid.getName());
    owner.setType(ownerSid.getType().equals(RepositoryFileSid.Type.USER) ? Type.USER : Type.ROLE);

    ObjectAcl result = new RepositoryObjectAcl(owner);

    // The getEffectiveAces calls sit outside the try block above, so anything they throw
    // reaches the caller unwrapped.
    List<RepositoryFileAce> sourceAces;
    if (forceParentInheriting) {
        result.setEntriesInheriting(true);
        sourceAces = pur.getEffectiveAces(storedAcl.getId(), true);
    } else {
        result.setEntriesInheriting(storedAcl.isEntriesInheriting());
        if (storedAcl.isEntriesInheriting()) {
            sourceAces = pur.getEffectiveAces(storedAcl.getId());
        } else {
            sourceAces = storedAcl.getAces();
        }
    }

    List<ObjectAce> converted = new ArrayList<ObjectAce>();
    for (RepositoryFileAce sourceAce : sourceAces) {
        EnumSet<RepositoryFilePermission> granted = sourceAce.getPermissions();
        EnumSet<RepositoryFilePermission> grantedCopy = EnumSet.noneOf(RepositoryFilePermission.class);
        RepositoryFileSid recipientSid = sourceAce.getSid();
        ObjectRecipient recipient = new RepositoryObjectRecipient(recipientSid.getName());
        recipient.setType(recipientSid.getType().equals(RepositoryFileSid.Type.USER) ? Type.USER : Type.ROLE);
        // Copy so the returned entry does not share the repository ACE's permission set.
        grantedCopy.addAll(granted);
        converted.add(new RepositoryObjectAce(recipient, grantedCopy));
    }
    result.setAces(converted);
    return result;
}
Also used : KettleException(org.pentaho.di.core.exception.KettleException) RepositoryObjectAcl(org.pentaho.di.repository.pur.model.RepositoryObjectAcl) ObjectAcl(org.pentaho.di.repository.pur.model.ObjectAcl) RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) ObjectRecipient(org.pentaho.di.repository.ObjectRecipient) RepositoryObjectRecipient(org.pentaho.di.repository.pur.model.RepositoryObjectRecipient) ArrayList(java.util.ArrayList) ObjectAce(org.pentaho.di.repository.pur.model.ObjectAce) RepositoryObjectAce(org.pentaho.di.repository.pur.model.RepositoryObjectAce) RepositoryObjectAce(org.pentaho.di.repository.pur.model.RepositoryObjectAce) KettleException(org.pentaho.di.core.exception.KettleException) RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) RepositoryObjectAcl(org.pentaho.di.repository.pur.model.RepositoryObjectAcl) RepositoryObjectRecipient(org.pentaho.di.repository.pur.model.RepositoryObjectRecipient) RepositoryFilePermission(org.pentaho.platform.api.repository2.unified.RepositoryFilePermission) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)

Example 2 with RepositoryFilePermission

use of org.pentaho.platform.api.repository2.unified.RepositoryFilePermission in project pentaho-kettle by pentaho.

the class UnifiedRepositoryConnectionAclService method setAcl.

/**
 * Replaces the access-control entries of a repository object with those described by {@code objectAcl}.
 *
 * <p>The stored ACL is loaded, its existing entries are cleared, and the inheritance flag is taken from
 * {@code objectAcl}. Explicit entries are written only when {@code objectAcl} is not inheriting; when it
 * is inheriting, any entries it carries are ignored and the stored ACL ends up with none of its own.
 *
 * @param fileId id of the repository object whose ACL is updated
 * @param objectAcl desired inheritance flag and entries
 * @throws KettleException if loading, building or updating the ACL throws any exception
 */
@Override
public void setAcl(ObjectId fileId, ObjectAcl objectAcl) throws KettleException {
    try {
        RepositoryFileAcl storedAcl = pur.getAcl(fileId.getId());
        RepositoryFileAcl.Builder builder = new RepositoryFileAcl.Builder(storedAcl);
        builder = builder.entriesInheriting(objectAcl.isEntriesInheriting());
        builder = builder.clearAces();

        // NOTE(review): no authorization check is visible in this method; the new entries come straight
        // from the caller, so enforcement presumably happens inside pur.updateAcl - confirm.
        if (!objectAcl.isEntriesInheriting()) {
            for (ObjectAce requestedAce : objectAcl.getAces()) {
                EnumSet<RepositoryFilePermission> requested = requestedAce.getPermissions();
                EnumSet<RepositoryFilePermission> requestedCopy = EnumSet.noneOf(RepositoryFilePermission.class);
                ObjectRecipient recipient = requestedAce.getRecipient();
                // Anything that is not explicitly a ROLE goes through the single-argument SID constructor
                // (presumably a user SID - confirm against RepositoryFileSid).
                RepositoryFileSid sid = recipient.getType().equals(Type.ROLE)
                    ? new RepositoryFileSid(recipient.getName(), RepositoryFileSid.Type.ROLE)
                    : new RepositoryFileSid(recipient.getName());
                // A null permission set yields an entry with an empty set rather than no entry at all.
                if (requested != null) {
                    requestedCopy.addAll(requested);
                }
                builder.ace(sid, requestedCopy);
            }
        }
        pur.updateAcl(builder.build());
    } catch (Exception cause) {
        // Every failure is wrapped here, not only a missing right to view or set the ACL.
        throw new KettleException(cause);
    }
}
Also used : KettleException(org.pentaho.di.core.exception.KettleException) RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) ObjectRecipient(org.pentaho.di.repository.ObjectRecipient) RepositoryObjectRecipient(org.pentaho.di.repository.pur.model.RepositoryObjectRecipient) RepositoryFilePermission(org.pentaho.platform.api.repository2.unified.RepositoryFilePermission) ObjectAce(org.pentaho.di.repository.pur.model.ObjectAce) RepositoryObjectAce(org.pentaho.di.repository.pur.model.RepositoryObjectAce) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl) KettleException(org.pentaho.di.core.exception.KettleException)

Example 3 with RepositoryFilePermission

use of org.pentaho.platform.api.repository2.unified.RepositoryFilePermission in project pentaho-platform by pentaho.

the class ExportManifestEntity method getRepositoryFileAcl.

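/**
 * Helper method for importing. Builds a {@link RepositoryFileAcl} from the {@code EntityAcl} of this
 * ExportManifestEntity: each manifest ACE is converted with {@code getSid} and {@code getPermission}, and
 * the owner and inheritance flag are carried over. The resulting ACL is created with an empty id.
 *
 * <p>An ACE that lists no permissions is converted to an entry with an empty permission set. The previous
 * implementation collected into a {@code HashSet} and called {@code EnumSet.copyOf} on it, which throws
 * {@code IllegalArgumentException} for an empty non-EnumSet collection and aborted the whole conversion.
 *
 * @return the converted ACL, or {@code null} if there is no EntityAcl present
 * @throws ExportManifestFormatException declared by this method; presumably raised by {@code getSid} or
 *         {@code getPermission} for values they do not recognise - confirm against those helpers
 */
public RepositoryFileAcl getRepositoryFileAcl() throws ExportManifestFormatException {
    EntityAcl entityAcl = getEntityAcl();
    if (entityAcl == null) {
        return null;
    }
    ArrayList<RepositoryFileAce> repositoryFileAces = new ArrayList<RepositoryFileAce>();
    for (EntityAcl.Aces ace : entityAcl.getAces()) {
        RepositoryFileSid rfs = getSid(ace.getRecipient(), ace.getRecipientType());
        // Start from an empty EnumSet so an ACE without permissions stays valid; an empty set grants nothing.
        EnumSet<RepositoryFilePermission> permissionSet = EnumSet.noneOf(RepositoryFilePermission.class);
        for (String permission : ace.getPermissions()) {
            permissionSet.add(getPermission(permission));
        }
        repositoryFileAces.add(new RepositoryFileAce(rfs, permissionSet));
    }
    return new RepositoryFileAcl("", getSid(entityAcl.getOwner(), entityAcl.getOwnerType()),
        entityAcl.isEntriesInheriting(), repositoryFileAces);
}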
Also used : RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) ArrayList(java.util.ArrayList) RepositoryFilePermission(org.pentaho.platform.api.repository2.unified.RepositoryFilePermission) EntityAcl(org.pentaho.platform.plugin.services.importexport.exportManifest.bindings.EntityAcl) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl) HashSet(java.util.HashSet)

Example 4 with RepositoryFilePermission

use of org.pentaho.platform.api.repository2.unified.RepositoryFilePermission in project pentaho-platform by pentaho.

the class ExportManifestEntity method createEntityAcl.

/**
 * Fills the {@code entityAcl} field from a repository ACL for export.
 *
 * <p>Does nothing, and leaves the field as it was, when {@code repositoryFileAcl} is {@code null}.
 * Otherwise a new {@code EntityAcl} is assigned, and the owner, inheritance flag and one entry per
 * repository ACE are copied into it. Owner and recipient names are passed through
 * {@code DefaultTenantedPrincipleNameResolver.getPrincipleName}; SID types and permissions are stored
 * as strings.
 *
 * @param repositoryFileAcl the ACL to export; may be {@code null}
 */
private void createEntityAcl(RepositoryFileAcl repositoryFileAcl) {
    DefaultTenantedPrincipleNameResolver resolver = new DefaultTenantedPrincipleNameResolver();
    if (repositoryFileAcl == null) {
        return;
    }

    entityAcl = new EntityAcl();
    entityAcl.setEntriesInheriting(repositoryFileAcl.isEntriesInheriting());
    entityAcl.setOwner(resolver.getPrincipleName(repositoryFileAcl.getOwner().getName()));
    entityAcl.setOwnerType(repositoryFileAcl.getOwner().getType().name());

    // The list returned by getAces() is modified in place, so the entries land in entityAcl itself.
    List<EntityAcl.Aces> exportedAces = entityAcl.getAces();
    exportedAces.clear();
    for (RepositoryFileAce sourceAce : repositoryFileAcl.getAces()) {
        EntityAcl.Aces exported = new EntityAcl.Aces();
        exported.setRecipient(resolver.getPrincipleName(sourceAce.getSid().getName()));
        exported.setRecipientType(sourceAce.getSid().getType().name());
        List<String> exportedPermissions = exported.getPermissions();
        for (RepositoryFilePermission granted : sourceAce.getPermissions()) {
            exportedPermissions.add(granted.toString());
        }
        exportedAces.add(exported);
    }
}
Also used : RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) RepositoryFilePermission(org.pentaho.platform.api.repository2.unified.RepositoryFilePermission) DefaultTenantedPrincipleNameResolver(org.pentaho.platform.security.userroledao.DefaultTenantedPrincipleNameResolver) EntityAcl(org.pentaho.platform.plugin.services.importexport.exportManifest.bindings.EntityAcl)

Example 5 with RepositoryFilePermission

use of org.pentaho.platform.api.repository2.unified.RepositoryFilePermission in project pentaho-platform by pentaho.

the class MockUnifiedRepository method hasAccess.

/**
 * Decides whether the current user holds all of {@code permissions} on a file.
 *
 * <p>Access is granted when the file's owner is a USER SID named like the current user, or when one
 * effective ACE contains every requested permission and is addressed to the special "everyone" SID, to
 * the current user, or to one of the current user's roles. The requested permissions must all come from
 * a single ACE; they are not combined across entries. An owner SID of type ROLE gets no shortcut.
 *
 * <p>Because the match uses {@code containsAll}, an empty {@code permissions} set is satisfied by any
 * ACE addressed to the user, one of their roles, or everyone.
 *
 * @param fileId id of the file to check
 * @param permissions permissions that must all be present on one matching ACE
 * @return {@code true} if access is granted, {@code false} otherwise
 */
private boolean hasAccess(final Serializable fileId, final EnumSet<RepositoryFilePermission> permissions) {
    String currentUser = currentUserProvider.getUser();
    List<String> currentRoles = currentUserProvider.getRoles();
    RepositoryFileAcl fileAcl = idManager.getFileById(fileId).getAcl();

    // A user-typed owner may do anything, without consulting the entries.
    if (fileAcl.getOwner().getType() == USER && fileAcl.getOwner().getName().equals(currentUser)) {
        return true;
    }

    for (RepositoryFileAce entry : internalGetEffectiveAces(fileId)) {
        // Special "everyone" role.
        if (entry.getSid().equals(everyone()) && entry.getPermissions().containsAll(permissions)) {
            return true;
        }
        // Entry addressed directly to the current user.
        if (entry.getSid().getType() == USER && entry.getSid().getName().equals(currentUser) && entry.getPermissions().containsAll(permissions)) {
            return true;
        }
        // Entry addressed to one of the current user's roles.
        for (String roleName : currentRoles) {
            if (entry.getSid().getType() == ROLE && entry.getSid().getName().equals(roleName) && entry.getPermissions().containsAll(permissions)) {
                return true;
            }
        }
    }
    // Deny by default when nothing matched.
    return false;
}
Also used : RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)

Aggregations

RepositoryFilePermission (org.pentaho.platform.api.repository2.unified.RepositoryFilePermission)13 RepositoryFileAce (org.pentaho.platform.api.repository2.unified.RepositoryFileAce)8 RepositoryFileAcl (org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)8 ArrayList (java.util.ArrayList)7 RepositoryFileSid (org.pentaho.platform.api.repository2.unified.RepositoryFileSid)6 RepositoryFile (org.pentaho.platform.api.repository2.unified.RepositoryFile)4 HashSet (java.util.HashSet)2 RepositoryException (javax.jcr.RepositoryException)2 Privilege (javax.jcr.security.Privilege)2 Test (org.junit.Test)2 Matchers.anyString (org.mockito.Matchers.anyString)2 KettleException (org.pentaho.di.core.exception.KettleException)2 ObjectRecipient (org.pentaho.di.repository.ObjectRecipient)2 ObjectAce (org.pentaho.di.repository.pur.model.ObjectAce)2 RepositoryObjectAce (org.pentaho.di.repository.pur.model.RepositoryObjectAce)2 RepositoryObjectRecipient (org.pentaho.di.repository.pur.model.RepositoryObjectRecipient)2 IPentahoSession (org.pentaho.platform.api.engine.IPentahoSession)2 IPentahoJCRPrivilege (org.pentaho.platform.api.repository2.unified.IPentahoJCRPrivilege)2 IOlapServiceException (org.pentaho.platform.plugin.action.olap.IOlapServiceException)2 EntityAcl (org.pentaho.platform.plugin.services.importexport.exportManifest.bindings.EntityAcl)2