
Example 11 with RepositoryFilePermission

use of org.pentaho.platform.api.repository2.unified.RepositoryFilePermission in project pentaho-platform by pentaho.

the class JcrRepositoryFileDao method deleteFile.

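/**
 * {@inheritDoc}
 *
 * <p>Deletion is refused outright while kiosk mode is enabled. Otherwise the file is resolved
 * from {@code fileId} and two authorization checks run before anything is removed: the
 * {@code accessVoterManager} vote for {@link RepositoryFilePermission#DELETE}, then the
 * ACL check on the file's path. Only after both pass is the parent folder checked out, the
 * file deleted, the session saved and the parent checked back in with {@code versionMessage}.
 *
 * @param fileId id of the file to delete; must not be null
 * @param versionMessage message recorded when the nearest versionable parent is checked in
 */
@Override
public void deleteFile(final Serializable fileId, final String versionMessage) {
    if (isKioskEnabled()) {
        // $NON-NLS-1$
        throw new RuntimeException(Messages.getInstance().getString("JcrRepositoryFileDao.ERROR_0006_ACCESS_DENIED"));
    }
    Assert.notNull(fileId);
    jcrTemplate.execute(new JcrCallback() {

        @Override
        public Object doInJcr(final Session session) throws RepositoryException, IOException {
            final RepositoryFile fileToBeDeleted = getFileById(fileId);
            if (fileToBeDeleted == null) {
                // The lookup can come back empty. Previously this case skipped the voter check
                // and then failed with a NullPointerException on getPath() in the ACL check
                // below; fail explicitly instead, before any authorization decision is made.
                throw new RepositoryException("cannot delete file: no file resolved for id " + fileId);
            }
            // Get repository file info and acl info of the file itself
            final RepositoryFileAcl toBeDeletedFileAcl = aclDao.getAcl(fileToBeDeleted.getId());
            // Invoke accessVoterManager to see if we have access to perform this operation
            if (!accessVoterManager.hasAccess(fileToBeDeleted, RepositoryFilePermission.DELETE, toBeDeletedFileAcl, PentahoSessionHolder.getSession())) {
                // NOTE(review): a voter denial returns silently, so the caller cannot tell
                // "denied" from "deleted" and nothing is recorded here. The ACL denial below
                // throws AccessDeniedException; consider making the two paths consistent, or at
                // least logging this one for audit purposes. Behavior kept as-is for callers.
                return null;
            }
            // Second, independent check: the ACL on the file's path must grant DELETE.
            if (!aclDao.hasAccess(fileToBeDeleted.getPath(), EnumSet.of(RepositoryFilePermission.DELETE))) {
                throw new AccessDeniedException(Messages.getInstance().getString("JcrRepositoryFileDao.ERROR_0006_ACCESS_DENIED_DELETE", fileId));
            }
            final PentahoJcrConstants pentahoJcrConstants = new PentahoJcrConstants(session);
            final Serializable parentFolderId = JcrRepositoryFileUtils.getParentId(session, fileId);
            // The parent is checked out before the delete and checked in after the save so the
            // removal is captured as a new version of the nearest versionable ancestor.
            JcrRepositoryFileUtils.checkoutNearestVersionableFileIfNecessary(session, pentahoJcrConstants, parentFolderId);
            deleteHelper.deleteFile(session, pentahoJcrConstants, fileId);
            session.save();
            JcrRepositoryFileUtils.checkinNearestVersionableFileIfNecessary(session, pentahoJcrConstants, parentFolderId, versionMessage);
            return null;
        }
    });
}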
Also used : AccessDeniedException(javax.jcr.AccessDeniedException) Serializable(java.io.Serializable) UnifiedRepositoryException(org.pentaho.platform.api.repository2.unified.UnifiedRepositoryException) RepositoryException(javax.jcr.RepositoryException) IOException(java.io.IOException) JcrCallback(org.springframework.extensions.jcr.JcrCallback) RepositoryFilePermission(org.pentaho.platform.api.repository2.unified.RepositoryFilePermission) RepositoryFile(org.pentaho.platform.api.repository2.unified.RepositoryFile) ArrayList(java.util.ArrayList) List(java.util.List) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl) Session(javax.jcr.Session)

Example 12 with RepositoryFilePermission

use of org.pentaho.platform.api.repository2.unified.RepositoryFilePermission in project pentaho-platform by pentaho.

the class DefaultPermissionConversionHelper method pentahoPermissionsToPrivileges.

// ~ Methods
// =========================================================================================================
/**
 * Translates a set of Pentaho repository permissions into the JCR privileges they stand for.
 *
 * <p>Each permission is looked up in {@code permissionEnumToPrivilegeNamesMap}; every privilege
 * name found there is resolved through the session's access control manager. A permission with
 * no entry in the map is skipped and only reported at debug level, so the returned array may
 * cover fewer permissions than were requested. If nothing at all could be resolved the final
 * assertion fails rather than returning an empty array.
 *
 * @param session JCR session used to resolve privilege names; must not be null
 * @param permissions permissions to translate; must be neither null nor empty
 * @return the distinct privileges resolved for the mapped permissions, never empty
 * @throws RepositoryException if the access control manager lookup or name resolution fails
 */
public Privilege[] pentahoPermissionsToPrivileges(final Session session, final EnumSet<RepositoryFilePermission> permissions) throws RepositoryException {
    Assert.notNull(session);
    Assert.notNull(permissions);
    Assert.notEmpty(permissions);
    final Set<Privilege> resolved = new HashSet<Privilege>();
    for (final RepositoryFilePermission permission : permissions) {
        if (!permissionEnumToPrivilegeNamesMap.containsKey(permission)) {
            // $NON-NLS-1$//$NON-NLS-2$
            logger.debug("skipping permission=" + permission + " as it doesn't have any corresponding privileges");
            continue;
        }
        final Collection<String> names = permissionEnumToPrivilegeNamesMap.get(permission);
        for (final String name : names) {
            // A set is used so a privilege shared by several permissions appears only once.
            resolved.add(session.getAccessControlManager().privilegeFromName(name));
        }
    }
    Assert.isTrue(!resolved.isEmpty(), "no privileges; see previous 'skipping permission' messages");
    return resolved.toArray(new Privilege[resolved.size()]);
}
Also used : RepositoryFilePermission(org.pentaho.platform.api.repository2.unified.RepositoryFilePermission) Privilege(javax.jcr.security.Privilege) IPentahoJCRPrivilege(org.pentaho.platform.api.repository2.unified.IPentahoJCRPrivilege) HashSet(java.util.HashSet)

Example 13 with RepositoryFilePermission

use of org.pentaho.platform.api.repository2.unified.RepositoryFilePermission in project pentaho-platform by pentaho.

the class DefaultUnifiedRepository method updateAcl.

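/**
 * {@inheritDoc}
 *
 * <p>The ACL is written only if the current caller holds
 * {@link RepositoryFilePermission#ACL_MANAGEMENT} on the path of the file the ACL belongs to.
 *
 * @param acl the ACL to store; must not be null, and its id identifies the target file
 * @return the ACL as returned by {@code repositoryFileAclDao.updateAcl}
 * @throws UnifiedRepositoryAccessDeniedException if the target file cannot be resolved or the
 *         caller lacks ACL_MANAGEMENT on it
 */
public RepositoryFileAcl updateAcl(final RepositoryFileAcl acl) {
    Assert.notNull(acl);
    final RepositoryFile file = getFileById(acl.getId());
    // getFileById is not shown here; if it can return null (unknown id, or a file the caller
    // cannot read) the old code hit a NullPointerException on file.getPath() inside the
    // authorization check. Treat that case as a denial: the outcome stays fail-closed, the
    // caller gets the same exception type as any other denial, and the response does not
    // distinguish "no such file" from "not permitted".
    if (file == null || !hasAccess(file.getPath(), EnumSet.of(RepositoryFilePermission.ACL_MANAGEMENT))) {
        throw new UnifiedRepositoryAccessDeniedException(Messages.getInstance().getString("DefaultUnifiedRepository.ERROR_0001_ACCESS_DENIED_UPDATE_ACL", acl.getId()));
    }
    return repositoryFileAclDao.updateAcl(acl);
}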
Also used : UnifiedRepositoryAccessDeniedException(org.pentaho.platform.api.repository2.unified.UnifiedRepositoryAccessDeniedException) RepositoryFilePermission(org.pentaho.platform.api.repository2.unified.RepositoryFilePermission) ArrayList(java.util.ArrayList) RepositoryFile(org.pentaho.platform.api.repository2.unified.RepositoryFile)

Example 14 with RepositoryFilePermission

use of org.pentaho.platform.api.repository2.unified.RepositoryFilePermission in project pentaho-platform by pentaho.

the class FileService method doGetCanAccessList.

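/**
 * Reports, for each requested permission, whether the current caller holds it on a file.
 *
 * <p>{@code permissions} is a {@code |}-separated list of integers. Each integer is used as an
 * index into {@code RepositoryFilePermission.values()}, so the wire format depends on the
 * declaration order of that enum. Both arguments arrive as plain strings and are treated as
 * untrusted: every index is range-checked before it is used.
 *
 * @param pathId identifier of the file, converted with {@code idToPath}
 * @param permissions {@code |}-separated permission indexes, e.g. {@code "0|1"} (constructed example)
 * @return one {@code Setting} per token, named by the index, valued {@code "true"} or {@code "false"}
 * @throws NumberFormatException if a token is not an integer
 * @throws IllegalArgumentException if an index does not correspond to a permission
 */
public List<Setting> doGetCanAccessList(String pathId, String permissions) {
    final RepositoryFilePermission[] knownPermissions = RepositoryFilePermission.values();
    final List<Setting> permMap = new ArrayList<Setting>();
    final StringTokenizer tokenizer = new StringTokenizer(permissions, "|");
    while (tokenizer.hasMoreTokens()) {
        final int perm = Integer.parseInt(tokenizer.nextToken());
        // Reject negative or too-large indexes explicitly instead of letting the array access
        // throw ArrayIndexOutOfBoundsException on caller-supplied input.
        if (perm < 0 || perm >= knownPermissions.length) {
            throw new IllegalArgumentException("permission index out of range: " + perm);
        }
        final boolean allowed = getRepository().hasAccess(idToPath(pathId), EnumSet.of(knownPermissions[perm]));
        // Boolean.toString replaces the deprecated new Boolean(...).toString(); same text.
        permMap.add(new Setting(Integer.toString(perm), Boolean.toString(allowed)));
    }
    return permMap;
}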
Also used : StringTokenizer(java.util.StringTokenizer) Setting(org.pentaho.platform.web.http.api.resources.Setting) ArrayList(java.util.ArrayList) RepositoryFilePermission(org.pentaho.platform.api.repository2.unified.RepositoryFilePermission)

Example 15 with RepositoryFilePermission

use of org.pentaho.platform.api.repository2.unified.RepositoryFilePermission in project pentaho-platform by pentaho.

the class AccessVoterToLegacyAcl method convert.

/**
 * Builds the legacy representation of a repository file together with its access controls.
 *
 * <p>Name, path, folder flag, id and (when present) last-modified time are copied from
 * {@code file}. Each ACE of {@code acl} is expanded into one legacy entry per permission:
 * a USER sid becomes a plain name recipient, any other sid type becomes a
 * {@code SimpleGrantedAuthority}. ACEs that are null, or that have a null sid or null
 * permission set, contribute no entries.
 *
 * @param file the repository file to convert
 * @param acl the ACL whose entries are translated; not null-checked here
 * @return the populated legacy file
 */
private LegacyRepositoryFile convert(RepositoryFile file, RepositoryFileAcl acl) {
    final LegacyRepositoryFile result = new LegacyRepositoryFile(file.getName(), file.getPath(), file.isFolder());
    result.setId(file.getId());
    if (file.getLastModifiedDate() != null) {
        result.setLastModified(file.getLastModifiedDate().getTime());
    }
    final List<IPentahoAclEntry> entries = new ArrayList<IPentahoAclEntry>();
    for (final RepositoryFileAce ace : acl.getAces()) {
        // Incomplete ACEs are dropped rather than translated into partial entries.
        if (ace == null || ace.getSid() == null || ace.getPermissions() == null) {
            continue;
        }
        final RepositoryFileSid sid = ace.getSid();
        final boolean isUser = RepositoryFileSid.Type.USER == sid.getType();
        for (final RepositoryFilePermission permission : ace.getPermissions()) {
            final PentahoAclEntry entry = new PentahoAclEntry();
            if (isUser) {
                // user
                entry.setRecipient(sid.getName());
            } else {
                // role
                entry.setRecipient(new SimpleGrantedAuthority(sid.getName()));
            }
            entry.setMask(mask(permission));
            entries.add(entry);
        }
    }
    result.setAccessControls(entries);
    return result;
}
Also used : SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) ArrayList(java.util.ArrayList) RepositoryFilePermission(org.pentaho.platform.api.repository2.unified.RepositoryFilePermission) IPentahoAclEntry(org.pentaho.platform.api.engine.IPentahoAclEntry) PentahoAclEntry(org.pentaho.platform.engine.security.acls.PentahoAclEntry) IPentahoAclEntry(org.pentaho.platform.api.engine.IPentahoAclEntry)

Aggregations

RepositoryFilePermission (org.pentaho.platform.api.repository2.unified.RepositoryFilePermission)13 RepositoryFileAce (org.pentaho.platform.api.repository2.unified.RepositoryFileAce)8 RepositoryFileAcl (org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)8 ArrayList (java.util.ArrayList)7 RepositoryFileSid (org.pentaho.platform.api.repository2.unified.RepositoryFileSid)6 RepositoryFile (org.pentaho.platform.api.repository2.unified.RepositoryFile)4 HashSet (java.util.HashSet)2 RepositoryException (javax.jcr.RepositoryException)2 Privilege (javax.jcr.security.Privilege)2 Test (org.junit.Test)2 Matchers.anyString (org.mockito.Matchers.anyString)2 KettleException (org.pentaho.di.core.exception.KettleException)2 ObjectRecipient (org.pentaho.di.repository.ObjectRecipient)2 ObjectAce (org.pentaho.di.repository.pur.model.ObjectAce)2 RepositoryObjectAce (org.pentaho.di.repository.pur.model.RepositoryObjectAce)2 RepositoryObjectRecipient (org.pentaho.di.repository.pur.model.RepositoryObjectRecipient)2 IPentahoSession (org.pentaho.platform.api.engine.IPentahoSession)2 IPentahoJCRPrivilege (org.pentaho.platform.api.repository2.unified.IPentahoJCRPrivilege)2 IOlapServiceException (org.pentaho.platform.plugin.action.olap.IOlapServiceException)2 EntityAcl (org.pentaho.platform.plugin.services.importexport.exportManifest.bindings.EntityAcl)2