Search in sources :

Example 11 with RepositoryFileSid

use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-platform by pentaho.

the class JcrRepositoryFileAclUtils method addAce.

public static void addAce(final Session session, final PentahoJcrConstants pentahoJcrConstants, final Serializable id, final RepositoryFileSid recipient, final EnumSet<RepositoryFilePermission> permission) throws RepositoryException {
    RepositoryFileSid newRecipient = recipient;
    if (JcrTenantUtils.getUserNameUtils().getTenant(recipient.getName()) == null) {
        newRecipient = new RepositoryFileSid(JcrTenantUtils.getTenantedUser(recipient.getName()), recipient.getType());
    }
    RepositoryFileAcl acl = getAcl(session, pentahoJcrConstants, id);
    RepositoryFileAcl updatedAcl = new RepositoryFileAcl.Builder(acl).ace(newRecipient, permission).build();
    updateAcl(session, updatedAcl);
}
Also used : RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)

Example 12 with RepositoryFileSid

use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-platform by pentaho.

the class AbstractRepositoryTenantManager method createUserHomeFolder.

@Override
public RepositoryFile createUserHomeFolder(ITenant theTenant, String username) {
    Builder aclsForUserHomeFolder = null;
    Builder aclsForTenantHomeFolder = null;
    RepositoryFile userHomeFolder = null;
    RepositoryFile tenantHomeFolder = null;
    RepositoryFile tenantRootFolder = null;
    String userId = tenantedUserNameResolver.getPrincipleId(theTenant, username);
    final RepositoryFileSid userSid = new RepositoryFileSid(userId);
    username = JcrTenantUtils.getPrincipalName(username, true);
    if (theTenant == null) {
        theTenant = JcrTenantUtils.getTenant(username, true);
    }
    // Get the Tenant Root folder. If the Tenant Root folder does not exist then exit.
    tenantRootFolder = repositoryFileDao.getFileByAbsolutePath(ServerRepositoryPaths.getTenantRootFolderPath(theTenant));
    if (tenantRootFolder != null) {
        // Try to see if Tenant Home folder exist
        tenantHomeFolder = repositoryFileDao.getFileByAbsolutePath(ServerRepositoryPaths.getTenantHomeFolderPath(theTenant));
        if (tenantHomeFolder == null) {
            String ownerId = tenantedUserNameResolver.getPrincipleId(theTenant, username);
            RepositoryFileSid ownerSid = new RepositoryFileSid(ownerId, Type.USER);
            String tenantAuthenticatedRoleId = tenantedRoleNameResolver.getPrincipleId(theTenant, tenantAuthenticatedRoleName);
            RepositoryFileSid tenantAuthenticatedRoleSid = new RepositoryFileSid(tenantAuthenticatedRoleId, Type.ROLE);
            aclsForTenantHomeFolder = new RepositoryFileAcl.Builder(userSid).ace(tenantAuthenticatedRoleSid, EnumSet.of(RepositoryFilePermission.READ));
            aclsForUserHomeFolder = new RepositoryFileAcl.Builder(userSid).ace(ownerSid, EnumSet.of(RepositoryFilePermission.ALL));
            tenantHomeFolder = repositoryFileDao.createFolder(tenantRootFolder.getId(), new RepositoryFile.Builder(ServerRepositoryPaths.getTenantHomeFolderName()).folder(true).build(), aclsForTenantHomeFolder.build(), "tenant home folder");
        } else {
            String ownerId = tenantedUserNameResolver.getPrincipleId(theTenant, username);
            RepositoryFileSid ownerSid = new RepositoryFileSid(ownerId, Type.USER);
            aclsForUserHomeFolder = new RepositoryFileAcl.Builder(userSid).ace(ownerSid, EnumSet.of(RepositoryFilePermission.ALL));
        }
        // now check if user's home folder exist
        userHomeFolder = repositoryFileDao.getFileByAbsolutePath(ServerRepositoryPaths.getUserHomeFolderPath(theTenant, username));
        if (userHomeFolder == null) {
            userHomeFolder = repositoryFileDao.createFolder(tenantHomeFolder.getId(), new RepositoryFile.Builder(username).folder(true).build(), aclsForUserHomeFolder.build(), // $NON-NLS-1$
            "user home folder");
        }
    }
    return userHomeFolder;
}
Also used : RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) Builder(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl.Builder) RepositoryFile(org.pentaho.platform.api.repository2.unified.RepositoryFile)

Example 13 with RepositoryFileSid

use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-platform by pentaho.

the class RepositoryTenantManager method createHomeFolder.

private RepositoryFile createHomeFolder(ITenant tenant, RepositoryFile tenantRootFolder, RepositoryFileSid fileOwnerSid) {
    String tenantAdminRoleId = tenantedRoleNameResolver.getPrincipleId(tenant, tenantAdminRoleName);
    RepositoryFileSid tenantAdminRoleSid = new RepositoryFileSid(tenantAdminRoleId, Type.ROLE);
    String tenantAuthenticatedRoleId = tenantedRoleNameResolver.getPrincipleId(tenant, tenantAuthenticatedRoleName);
    RepositoryFileSid tenantAuthenticatedRoleSid = new RepositoryFileSid(tenantAuthenticatedRoleId, Type.ROLE);
    RepositoryFile homeFolder = repositoryFileDao.createFolder(tenantRootFolder.getId(), new RepositoryFile.Builder(ServerRepositoryPaths.getTenantHomeFolderName()).folder(true).title(Messages.getInstance().getString("RepositoryTenantManager.usersFolderDisplayName")).build(), new RepositoryFileAcl.Builder(fileOwnerSid).ace(tenantAdminRoleSid, EnumSet.of(RepositoryFilePermission.ALL)).ace(tenantAuthenticatedRoleSid, EnumSet.of(RepositoryFilePermission.READ)).build(), null);
    return homeFolder;
}
Also used : RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) Builder(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl.Builder) RepositoryFile(org.pentaho.platform.api.repository2.unified.RepositoryFile)

Example 14 with RepositoryFileSid

use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-platform by pentaho.

the class RepositoryTenantManager method createTenant.

/*
   * (non-Javadoc)
   * 
   * @see org.pentaho.platform.api.repository2.unified.ITenantManager#createTenant(java.lang.String,
   * java.lang.String)
   */
@Override
public ITenant createTenant(final ITenant parentTenant, final String tenantName, final String tenantAdminRoleName, final String authenticatedRoleName, final String anonymousRoleName) {
    Tenant newTenant;
    String parentTenantFolder;
    if (parentTenant == null) {
        if (repositoryFileDao.getFileByAbsolutePath("/" + tenantName) != null) {
            return null;
        }
    } else {
        if (repositoryFileDao.getFileByAbsolutePath(parentTenant.getRootFolderAbsolutePath() + "/" + tenantName) != null) {
            return null;
        }
    }
    if (parentTenant == null) {
        newTenant = new Tenant(RepositoryFile.SEPARATOR + tenantName, true);
        parentTenantFolder = "/";
    } else {
        newTenant = new Tenant(parentTenant.getRootFolderAbsolutePath() + RepositoryFile.SEPARATOR + tenantName, true);
        parentTenantFolder = parentTenant.getRootFolderAbsolutePath();
    }
    String tenantCreatorId = PentahoSessionHolder.getSession().getName();
    RepositoryFile tenantRootFolder = createTenantFolder(parentTenant, tenantName, tenantCreatorId);
    userRoleDao.createRole(newTenant, tenantAdminRoleName, "", new String[0]);
    userRoleDao.createRole(newTenant, authenticatedRoleName, "", new String[0]);
    userRoleDao.createRole(newTenant, anonymousRoleName, "", new String[0]);
    roleBindingDao.setRoleBindings(newTenant, authenticatedRoleName, singleTenantAuthenticatedAuthorityRoleBindingList);
    String tenantAdminRoleId = tenantedRoleNameResolver.getPrincipleId(newTenant, tenantAdminRoleName);
    RepositoryFileSid tenantAdminRoleSid = new RepositoryFileSid(tenantAdminRoleId, Type.ROLE);
    this.jcrTemplate.save();
    // tenant admin permissions on the root folder.
    if (parentTenant == null) {
        repositoryFileAclDao.addAce(tenantRootFolder.getId(), tenantAdminRoleSid, EnumSet.of(RepositoryFilePermission.ALL));
    } else {
        RepositoryFileAcl acl = repositoryFileAclDao.getAcl(tenantRootFolder.getId());
        Builder aclBuilder = new RepositoryFileAcl.Builder(acl).ace(tenantAdminRoleSid, EnumSet.of(RepositoryFilePermission.ALL));
        IPentahoSession origPentahoSession = PentahoSessionHolder.getSession();
        Authentication origAuthentication = SecurityContextHolder.getContext().getAuthentication();
        login(repositoryAdminUsername, tenantAdminRoleId);
        try {
            // Give all to Tenant Admin of all ancestors
            while (!parentTenantFolder.equals("/")) {
                ITenant tenant = new Tenant(parentTenantFolder, true);
                String parentTenantAdminRoleId = tenantedRoleNameResolver.getPrincipleId(tenant, tenantAdminRoleName);
                RepositoryFileSid parentTenantAdminSid = new RepositoryFileSid(parentTenantAdminRoleId, Type.ROLE);
                aclBuilder.ace(parentTenantAdminSid, EnumSet.of(RepositoryFilePermission.ALL));
                parentTenantFolder = FilenameUtils.getFullPathNoEndSeparator(parentTenantFolder);
            }
            repositoryFileAclDao.updateAcl(aclBuilder.build());
        } catch (Throwable th) {
            th.printStackTrace();
        } finally {
            PentahoSessionHolder.setSession(origPentahoSession);
            SecurityContextHolder.getContext().setAuthentication(origAuthentication);
        }
    }
    try {
        RepositoryFileSid fileOwnerSid = new RepositoryFileSid(tenantCreatorId);
        createInitialTenantFolders(newTenant, tenantRootFolder, fileOwnerSid);
    } catch (Exception ex) {
        throw new RuntimeException("Error creating initial tenant folders", ex);
    }
    return newTenant;
}
Also used : IPentahoSession(org.pentaho.platform.api.engine.IPentahoSession) Builder(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl.Builder) PathNotFoundException(javax.jcr.PathNotFoundException) RepositoryException(javax.jcr.RepositoryException) IOException(java.io.IOException) RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) Tenant(org.pentaho.platform.core.mt.Tenant) ITenant(org.pentaho.platform.api.mt.ITenant) ITenant(org.pentaho.platform.api.mt.ITenant) Builder(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl.Builder) Authentication(org.springframework.security.core.Authentication) RepositoryFile(org.pentaho.platform.api.repository2.unified.RepositoryFile) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)

Example 15 with RepositoryFileSid

use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-platform by pentaho.

the class AbstractJcrBackedUserRoleDao method createUserHomeFolder.

private RepositoryFile createUserHomeFolder(ITenant theTenant, String username, Session session) throws RepositoryException {
    Builder aclsForUserHomeFolder = null;
    Builder aclsForTenantHomeFolder = null;
    if (theTenant == null) {
        theTenant = JcrTenantUtils.getTenant(username, true);
        username = JcrTenantUtils.getPrincipalName(username, true);
    }
    if (theTenant == null || theTenant.getId() == null) {
        theTenant = JcrTenantUtils.getCurrentTenant();
    }
    if (theTenant == null || theTenant.getId() == null) {
        theTenant = JcrTenantUtils.getDefaultTenant();
    }
    RepositoryFile userHomeFolder = null;
    String userId = tenantedUserNameUtils.getPrincipleId(theTenant, username);
    final RepositoryFileSid userSid = new RepositoryFileSid(userId);
    RepositoryFile tenantHomeFolder = null;
    RepositoryFile tenantRootFolder = null;
    RepositoryFileSid ownerSid = null;
    // Get the Tenant Root folder. If the Tenant Root folder does not exist then exit.
    tenantRootFolder = JcrRepositoryFileUtils.getFileByAbsolutePath(session, ServerRepositoryPaths.getTenantRootFolderPath(theTenant), pathConversionHelper, lockHelper, false, null);
    if (tenantRootFolder != null) {
        // Try to see if Tenant Home folder exist
        tenantHomeFolder = JcrRepositoryFileUtils.getFileByAbsolutePath(session, ServerRepositoryPaths.getTenantHomeFolderPath(theTenant), pathConversionHelper, lockHelper, false, null);
        if (tenantHomeFolder == null) {
            String ownerId = tenantedUserNameUtils.getPrincipleId(theTenant, username);
            ownerSid = new RepositoryFileSid(ownerId, Type.USER);
            String tenantAuthenticatedRoleId = tenantedRoleNameUtils.getPrincipleId(theTenant, authenticatedRoleName);
            RepositoryFileSid tenantAuthenticatedRoleSid = new RepositoryFileSid(tenantAuthenticatedRoleId, Type.ROLE);
            aclsForTenantHomeFolder = new RepositoryFileAcl.Builder(userSid).ace(tenantAuthenticatedRoleSid, EnumSet.of(RepositoryFilePermission.READ));
            aclsForUserHomeFolder = new RepositoryFileAcl.Builder(userSid).ace(ownerSid, EnumSet.of(RepositoryFilePermission.ALL));
            tenantHomeFolder = internalCreateFolder(session, tenantRootFolder.getId(), new RepositoryFile.Builder(ServerRepositoryPaths.getTenantHomeFolderName()).folder(true).title(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.usersFolderDisplayName")).build(), aclsForTenantHomeFolder.build(), // $NON-NLS-1$
            "tenant home folder");
        } else {
            String ownerId = tenantedUserNameUtils.getPrincipleId(theTenant, username);
            ownerSid = new RepositoryFileSid(ownerId, Type.USER);
            aclsForUserHomeFolder = new RepositoryFileAcl.Builder(userSid).ace(ownerSid, EnumSet.of(RepositoryFilePermission.ALL));
        }
        // now check if user's home folder exist
        userHomeFolder = JcrRepositoryFileUtils.getFileByAbsolutePath(session, ServerRepositoryPaths.getUserHomeFolderPath(theTenant, username), pathConversionHelper, lockHelper, false, null);
        if (userHomeFolder == null) {
            userHomeFolder = internalCreateFolder(session, tenantHomeFolder.getId(), new RepositoryFile.Builder(username).folder(true).build(), aclsForUserHomeFolder.build(), // $NON-NLS-1$
            "user home folder");
        }
    }
    return userHomeFolder;
}
Also used : RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) Builder(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl.Builder) RepositoryFile(org.pentaho.platform.api.repository2.unified.RepositoryFile)

Aggregations

RepositoryFileSid (org.pentaho.platform.api.repository2.unified.RepositoryFileSid)37 RepositoryFileAcl (org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)30 RepositoryFile (org.pentaho.platform.api.repository2.unified.RepositoryFile)25 ITenant (org.pentaho.platform.api.mt.ITenant)15 Test (org.junit.Test)12 RepositoryFileAce (org.pentaho.platform.api.repository2.unified.RepositoryFileAce)10 Builder (org.pentaho.platform.api.repository2.unified.RepositoryFileAcl.Builder)7 Matchers.anyString (org.mockito.Matchers.anyString)5 ArrayList (java.util.ArrayList)4 UnifiedRepositoryException (org.pentaho.platform.api.repository2.unified.UnifiedRepositoryException)4 Serializable (java.io.Serializable)3 Node (javax.jcr.Node)3 RepositoryException (javax.jcr.RepositoryException)3 IPentahoSession (org.pentaho.platform.api.engine.IPentahoSession)3 RepositoryFilePermission (org.pentaho.platform.api.repository2.unified.RepositoryFilePermission)3 StandaloneSession (org.pentaho.platform.engine.core.system.StandaloneSession)3 SpringSecurityRolePrincipal (org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityRolePrincipal)3 Authentication (org.springframework.security.core.Authentication)3 TransactionStatus (org.springframework.transaction.TransactionStatus)3 TransactionCallbackWithoutResult (org.springframework.transaction.support.TransactionCallbackWithoutResult)3