Search in sources :

Example 6 with RepositoryFileSid

use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-platform by pentaho.

the class JcrRepositoryFileAclDao method toAce.

protected RepositoryFileAce toAce(final Session session, final AccessControlEntry acEntry) throws RepositoryException {
    Principal principal = acEntry.getPrincipal();
    RepositoryFileSid sid = null;
    String name = principal.getName();
    DefaultPermissionConversionHelper permissionConversionHelper = new DefaultPermissionConversionHelper(session);
    if (principal instanceof Group) {
        sid = new RepositoryFileSid(JcrTenantUtils.getRoleNameUtils().getPrincipleName(name), RepositoryFileSid.Type.ROLE);
    } else {
        sid = new RepositoryFileSid(JcrTenantUtils.getUserNameUtils().getPrincipleName(name), RepositoryFileSid.Type.USER);
    }
    // $NON-NLS-1$
    logger.debug(String.format("principal class [%s]", principal.getClass().getName()));
    Privilege[] privileges = acEntry.getPrivileges();
    return new RepositoryFileAce(sid, permissionConversionHelper.privilegesToPentahoPermissions(session, privileges));
}
Also used : Group(java.security.acl.Group) RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) Privilege(javax.jcr.security.Privilege) SpringSecurityRolePrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityRolePrincipal) SpringSecurityUserPrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityUserPrincipal) Principal(java.security.Principal)

Example 7 with RepositoryFileSid

use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-platform by pentaho.

the class JcrRepositoryFileAclDao method addAce.

public void addAce(final Serializable id, final RepositoryFileSid recipient, final EnumSet<RepositoryFilePermission> permission) {
    if (isKioskEnabled()) {
        // $NON-NLS-1$
        throw new RuntimeException(Messages.getInstance().getString("JcrRepositoryFileDao.ERROR_0006_ACCESS_DENIED"));
    }
    Assert.notNull(id);
    Assert.notNull(recipient);
    Assert.notNull(permission);
    RepositoryFileAcl acl = getAcl(id);
    Assert.notNull(acl);
    // TODO mlowery find an ACE with the recipient and update that rather than adding a new ACE
    RepositoryFileSid newRecipient = recipient;
    if (recipient.getType().equals(Type.USER)) {
        if (JcrTenantUtils.getUserNameUtils().getTenant(recipient.getName()) == null) {
            newRecipient = new RepositoryFileSid(JcrTenantUtils.getTenantedUser(recipient.getName()), recipient.getType());
        }
    } else {
        if (JcrTenantUtils.getRoleNameUtils().getTenant(recipient.getName()) == null) {
            newRecipient = new RepositoryFileSid(JcrTenantUtils.getTenantedRole(recipient.getName()), recipient.getType());
        }
    }
    RepositoryFileAcl updatedAcl = new RepositoryFileAcl.Builder(acl).ace(newRecipient, permission).build();
    updateAcl(updatedAcl);
    // $NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
    logger.debug("added ace: id=" + id + ", sid=" + recipient + ", permission=" + permission);
}
Also used : RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)

Example 8 with RepositoryFileSid

use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-platform by pentaho.

the class JcrRepositoryFileAclUtils method setOwner.

public static void setOwner(final Session session, final PentahoJcrConstants pentahoJcrConstants, final RepositoryFile file, final RepositoryFileSid owner) throws RepositoryException {
    RepositoryFileSid newOwnerSid = owner;
    if (JcrTenantUtils.getUserNameUtils().getTenant(owner.getName()) == null) {
        newOwnerSid = new RepositoryFileSid(JcrTenantUtils.getTenantedUser(owner.getName()), owner.getType());
    }
    RepositoryFileAcl acl = getAcl(session, pentahoJcrConstants, file.getId());
    RepositoryFileAcl newAcl = new RepositoryFileAcl.Builder(acl).owner(newOwnerSid).build();
    updateAcl(session, newAcl);
}
Also used : RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)

Example 9 with RepositoryFileSid

use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-platform by pentaho.

the class JcrRepositoryFileAclUtils method getAcl.

public static RepositoryFileAcl getAcl(final Session session, final PentahoJcrConstants pentahoJcrConstants, final Serializable id) throws RepositoryException {
    Node node = session.getNodeByIdentifier(id.toString());
    if (node == null) {
        throw new RepositoryException(Messages.getInstance().getString("JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND", // $NON-NLS-1$
        id.toString()));
    }
    String absPath = node.getPath();
    AccessControlManager acMgr = session.getAccessControlManager();
    AccessControlList acList = getAccessControlList(acMgr, absPath);
    RepositoryFileSid owner = null;
    String ownerString = JcrTenantUtils.getUserNameUtils().getPrincipleName(getOwner(session, absPath, acList));
    if (ownerString != null) {
        // for now, just assume all owners are users; only has UI impact
        owner = new RepositoryFileSid(ownerString, RepositoryFileSid.Type.USER);
    }
    RepositoryFileAcl.Builder aclBuilder = new RepositoryFileAcl.Builder(id, owner);
    aclBuilder.entriesInheriting(isEntriesInheriting(session, absPath, acList));
    List<AccessControlEntry> cleanedAcEntries = JcrRepositoryFileAclUtils.removeAclMetadata(Arrays.asList(acList.getAccessControlEntries()));
    for (AccessControlEntry acEntry : cleanedAcEntries) {
        aclBuilder.ace(toAce(session, acEntry));
    }
    return aclBuilder.build();
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) Node(javax.jcr.Node) AccessControlEntry(javax.jcr.security.AccessControlEntry) RepositoryException(javax.jcr.RepositoryException) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)

Example 10 with RepositoryFileSid

use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-platform by pentaho.

the class JcrRepositoryFileAclUtils method toAce.

private static RepositoryFileAce toAce(final Session session, final AccessControlEntry acEntry) throws RepositoryException {
    Principal principal = acEntry.getPrincipal();
    RepositoryFileSid sid = null;
    if (principal instanceof Group) {
        sid = new RepositoryFileSid(principal.getName(), RepositoryFileSid.Type.ROLE);
    } else {
        sid = new RepositoryFileSid(principal.getName(), RepositoryFileSid.Type.USER);
    }
    Privilege[] privileges = acEntry.getPrivileges();
    IPermissionConversionHelper permissionConversionHelper = new DefaultPermissionConversionHelper(session);
    return new RepositoryFileAce(sid, permissionConversionHelper.privilegesToPentahoPermissions(session, privileges));
}
Also used : Group(org.apache.jackrabbit.api.security.user.Group) RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) IPermissionConversionHelper(org.pentaho.platform.repository2.unified.jcr.JcrRepositoryFileAclDao.IPermissionConversionHelper) Privilege(javax.jcr.security.Privilege) SpringSecurityRolePrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityRolePrincipal) SpringSecurityUserPrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityUserPrincipal) Principal(java.security.Principal)

Aggregations

RepositoryFileSid (org.pentaho.platform.api.repository2.unified.RepositoryFileSid)37 RepositoryFileAcl (org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)30 RepositoryFile (org.pentaho.platform.api.repository2.unified.RepositoryFile)25 ITenant (org.pentaho.platform.api.mt.ITenant)15 Test (org.junit.Test)12 RepositoryFileAce (org.pentaho.platform.api.repository2.unified.RepositoryFileAce)10 Builder (org.pentaho.platform.api.repository2.unified.RepositoryFileAcl.Builder)7 Matchers.anyString (org.mockito.Matchers.anyString)5 ArrayList (java.util.ArrayList)4 UnifiedRepositoryException (org.pentaho.platform.api.repository2.unified.UnifiedRepositoryException)4 Serializable (java.io.Serializable)3 Node (javax.jcr.Node)3 RepositoryException (javax.jcr.RepositoryException)3 IPentahoSession (org.pentaho.platform.api.engine.IPentahoSession)3 RepositoryFilePermission (org.pentaho.platform.api.repository2.unified.RepositoryFilePermission)3 StandaloneSession (org.pentaho.platform.engine.core.system.StandaloneSession)3 SpringSecurityRolePrincipal (org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityRolePrincipal)3 Authentication (org.springframework.security.core.Authentication)3 TransactionStatus (org.springframework.transaction.TransactionStatus)3 TransactionCallbackWithoutResult (org.springframework.transaction.support.TransactionCallbackWithoutResult)3