use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-platform by pentaho.
the class JcrRepositoryFileAclUtils method addAce.
/**
 * Adds one access-control entry for {@code recipient} to the ACL of the file identified by
 * {@code id}.
 *
 * <p>If the user-name utilities report no tenant for the recipient's name, the recipient is
 * replaced by a new SID that carries the name returned by
 * {@code JcrTenantUtils.getTenantedUser} and the same SID type. The current ACL is then read, a
 * copy with the extra entry is built, and that copy is written back.
 *
 * <p>NOTE(review): this is a read-modify-write of the ACL ({@code getAcl} followed by
 * {@code updateAcl}); no locking is visible here, so confirm that the JCR session or the caller
 * prevents a concurrent ACL edit from being overwritten.
 *
 * <p>NOTE(review): no permission check on the caller is visible in this method; presumably the
 * callers decide who may grant {@code permission} - confirm.
 *
 * @param session JCR session handed to {@code getAcl} and {@code updateAcl}
 * @param pentahoJcrConstants constants object handed to {@code getAcl}
 * @param id identifier of the file whose ACL is changed
 * @param recipient SID that receives the permissions; must not be {@code null}
 * @param permission permissions granted by the new entry
 * @throws RepositoryException declared by this method; presumably raised by the ACL read or write
 */
public static void addAce(
    final Session session,
    final PentahoJcrConstants pentahoJcrConstants,
    final Serializable id,
    final RepositoryFileSid recipient,
    final EnumSet<RepositoryFilePermission> permission) throws RepositoryException {
  // A recipient name with no tenant attached is qualified before it is stored in the ACL.
  final boolean lacksTenant =
      JcrTenantUtils.getUserNameUtils().getTenant(recipient.getName()) == null;
  final RepositoryFileSid effectiveRecipient = lacksTenant
      ? new RepositoryFileSid(JcrTenantUtils.getTenantedUser(recipient.getName()), recipient.getType())
      : recipient;

  final RepositoryFileAcl currentAcl = getAcl(session, pentahoJcrConstants, id);
  updateAcl(session, new RepositoryFileAcl.Builder(currentAcl).ace(effectiveRecipient, permission).build());
}
use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-platform by pentaho.
the class AbstractRepositoryTenantManager method createUserHomeFolder.
/**
 * Ensures that {@code username} has a home folder below the tenant's home folder, creating the
 * tenant home folder first when it does not exist yet.
 *
 * <p>Access control applied by this method:
 * <ul>
 *   <li>a newly created tenant home folder gets an ACL built from the user's SID plus a READ
 *       entry for the tenant's authenticated role;</li>
 *   <li>a newly created user home folder gets an ACL built from the user's SID plus an ALL entry
 *       for the user.</li>
 * </ul>
 * Folders that already exist are returned as they are; their ACLs are not touched.
 *
 * <p>NOTE(review): the SID passed to {@code RepositoryFileAcl.Builder} is presumably the ACL
 * owner. If so, the tenant-wide home folder ends up owned by whichever user's call happens to
 * create it - confirm that this is intended.
 *
 * <p>NOTE(review): each folder is looked up and then created in two separate steps; nothing
 * visible here serialises concurrent calls for the same tenant or user - confirm the DAO does.
 *
 * @param theTenant tenant that owns the user; when {@code null} it is looked up from the user name
 * @param username user whose home folder is wanted
 * @return the user's home folder, or {@code null} when the tenant root folder does not exist
 */
@Override
public RepositoryFile createUserHomeFolder(ITenant theTenant, String username) {
  // The first SID is resolved from the arguments exactly as passed in, before either is normalised.
  final RepositoryFileSid userSid =
      new RepositoryFileSid(tenantedUserNameResolver.getPrincipleId(theTenant, username));

  username = JcrTenantUtils.getPrincipalName(username, true);
  if (theTenant == null) {
    // NOTE(review): the tenant is looked up from the value getPrincipalName returned. If that call
    // strips the tenant part of the name, this lookup can no longer see it - confirm the order.
    theTenant = JcrTenantUtils.getTenant(username, true);
  }

  // Without a tenant root folder there is nowhere to create anything.
  final RepositoryFile tenantRootFolder =
      repositoryFileDao.getFileByAbsolutePath(ServerRepositoryPaths.getTenantRootFolderPath(theTenant));
  if (tenantRootFolder == null) {
    return null;
  }

  RepositoryFile tenantHomeFolder =
      repositoryFileDao.getFileByAbsolutePath(ServerRepositoryPaths.getTenantHomeFolderPath(theTenant));

  // The user-home ACL is prepared whether or not the tenant home folder exists.
  final RepositoryFileSid ownerSid =
      new RepositoryFileSid(tenantedUserNameResolver.getPrincipleId(theTenant, username), Type.USER);
  final Builder userHomeAcl =
      new RepositoryFileAcl.Builder(userSid).ace(ownerSid, EnumSet.of(RepositoryFilePermission.ALL));

  if (tenantHomeFolder == null) {
    // Every authenticated user of the tenant may read the shared home folder, nothing more.
    final RepositoryFileSid authenticatedRoleSid = new RepositoryFileSid(
        tenantedRoleNameResolver.getPrincipleId(theTenant, tenantAuthenticatedRoleName), Type.ROLE);
    final Builder tenantHomeAcl = new RepositoryFileAcl.Builder(userSid)
        .ace(authenticatedRoleSid, EnumSet.of(RepositoryFilePermission.READ));
    tenantHomeFolder = repositoryFileDao.createFolder(
        tenantRootFolder.getId(),
        new RepositoryFile.Builder(ServerRepositoryPaths.getTenantHomeFolderName()).folder(true).build(),
        tenantHomeAcl.build(),
        "tenant home folder");
  }

  // Create the user's own folder only when it is not there yet.
  RepositoryFile userHomeFolder =
      repositoryFileDao.getFileByAbsolutePath(ServerRepositoryPaths.getUserHomeFolderPath(theTenant, username));
  if (userHomeFolder == null) {
    userHomeFolder = repositoryFileDao.createFolder(
        tenantHomeFolder.getId(),
        new RepositoryFile.Builder(username).folder(true).build(),
        userHomeAcl.build(),
        "user home folder"); // $NON-NLS-1$
  }
  return userHomeFolder;
}
use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-platform by pentaho.
the class RepositoryTenantManager method createHomeFolder.
/**
 * Creates the tenant's home folder directly below {@code tenantRootFolder}.
 *
 * <p>The folder's ACL is built from {@code fileOwnerSid} and carries two entries: ALL for the
 * tenant's admin role and READ for the tenant's authenticated role. Both role ids are resolved
 * for {@code tenant} through {@code tenantedRoleNameResolver}.
 *
 * <p>NOTE(review): no existence check is made here; presumably the caller guarantees the folder
 * is not there yet - confirm.
 *
 * @param tenant tenant the role ids are resolved for
 * @param tenantRootFolder parent folder; its id is used as the creation target
 * @param fileOwnerSid SID the new folder's ACL is built from
 * @return the folder returned by the DAO
 */
private RepositoryFile createHomeFolder(
    ITenant tenant, RepositoryFile tenantRootFolder, RepositoryFileSid fileOwnerSid) {
  final RepositoryFileSid adminSid = new RepositoryFileSid(
      tenantedRoleNameResolver.getPrincipleId(tenant, tenantAdminRoleName), Type.ROLE);
  final RepositoryFileSid authenticatedSid = new RepositoryFileSid(
      tenantedRoleNameResolver.getPrincipleId(tenant, tenantAuthenticatedRoleName), Type.ROLE);

  // Admins of the tenant get full control; ordinary authenticated users may only read.
  return repositoryFileDao.createFolder(
      tenantRootFolder.getId(),
      new RepositoryFile.Builder(ServerRepositoryPaths.getTenantHomeFolderName())
          .folder(true)
          .title(Messages.getInstance().getString("RepositoryTenantManager.usersFolderDisplayName"))
          .build(),
      new RepositoryFileAcl.Builder(fileOwnerSid)
          .ace(adminSid, EnumSet.of(RepositoryFilePermission.ALL))
          .ace(authenticatedSid, EnumSet.of(RepositoryFilePermission.READ))
          .build(),
      null);
}
use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-platform by pentaho.
the class RepositoryTenantManager method createTenant.
/**
 * Creates a tenant named {@code tenantName}, either at the repository root (when
 * {@code parentTenant} is {@code null}) or below the parent tenant's root folder.
 *
 * <p>Steps, in order: check that nothing exists at the target path; create the tenant folder;
 * create the admin, authenticated and anonymous roles; set the role bindings of the
 * authenticated role; save through {@code jcrTemplate}; grant the tenant admin role ALL on the
 * new root folder (for a sub-tenant, also grant ALL to the admin role of every ancestor tenant);
 * create the initial tenant folders with the creating user as file owner.
 *
 * <p>NOTE(review): {@code tenantName} is concatenated into a repository path and no validation
 * of it is visible in this method; confirm that callers reject names containing the path
 * separator or relative segments.
 *
 * @param parentTenant parent of the new tenant, or {@code null} for a top-level tenant
 * @param tenantName name of the new tenant; becomes the last segment of its root folder path
 * @param tenantAdminRoleName name of the admin role created for the new tenant
 * @param authenticatedRoleName name of the authenticated role created for the new tenant
 * @param anonymousRoleName name of the anonymous role created for the new tenant
 * @return the new tenant, or {@code null} when a file already exists at the target path
 * @throws RuntimeException when creating the initial tenant folders fails (the cause is kept)
 */
@Override
public ITenant createTenant(final ITenant parentTenant, final String tenantName, final String tenantAdminRoleName, final String authenticatedRoleName, final String anonymousRoleName) {
Tenant newTenant;
String parentTenantFolder;
// Refuse to create the tenant when a file already exists at the path it would occupy.
// NOTE(review): this check and the creation below are separate steps; nothing visible here
// prevents two concurrent calls from both passing the check - confirm the DAO guards against it.
if (parentTenant == null) {
if (repositoryFileDao.getFileByAbsolutePath("/" + tenantName) != null) {
return null;
}
} else {
if (repositoryFileDao.getFileByAbsolutePath(parentTenant.getRootFolderAbsolutePath() + "/" + tenantName) != null) {
return null;
}
}
// Build the tenant object and remember the parent's folder path for the ancestor walk below.
if (parentTenant == null) {
newTenant = new Tenant(RepositoryFile.SEPARATOR + tenantName, true);
parentTenantFolder = "/";
} else {
newTenant = new Tenant(parentTenant.getRootFolderAbsolutePath() + RepositoryFile.SEPARATOR + tenantName, true);
parentTenantFolder = parentTenant.getRootFolderAbsolutePath();
}
// The user of the current Pentaho session is recorded as the creator of the tenant.
// NOTE(review): assumes a session is bound to the holder; a null session would fail here - confirm.
String tenantCreatorId = PentahoSessionHolder.getSession().getName();
RepositoryFile tenantRootFolder = createTenantFolder(parentTenant, tenantName, tenantCreatorId);
// Create the three roles of the new tenant, each with an empty string and an empty array.
userRoleDao.createRole(newTenant, tenantAdminRoleName, "", new String[0]);
userRoleDao.createRole(newTenant, authenticatedRoleName, "", new String[0]);
userRoleDao.createRole(newTenant, anonymousRoleName, "", new String[0]);
roleBindingDao.setRoleBindings(newTenant, authenticatedRoleName, singleTenantAuthenticatedAuthorityRoleBindingList);
String tenantAdminRoleId = tenantedRoleNameResolver.getPrincipleId(newTenant, tenantAdminRoleName);
RepositoryFileSid tenantAdminRoleSid = new RepositoryFileSid(tenantAdminRoleId, Type.ROLE);
// Save before the ACL of the new root folder is changed.
this.jcrTemplate.save();
// tenant admin permissions on the root folder.
if (parentTenant == null) {
repositoryFileAclDao.addAce(tenantRootFolder.getId(), tenantAdminRoleSid, EnumSet.of(RepositoryFilePermission.ALL));
} else {
// Sub-tenant: collect the new tenant's admin entry and one entry per ancestor in a single
// builder, then write the ACL once.
RepositoryFileAcl acl = repositoryFileAclDao.getAcl(tenantRootFolder.getId());
Builder aclBuilder = new RepositoryFileAcl.Builder(acl).ace(tenantAdminRoleSid, EnumSet.of(RepositoryFilePermission.ALL));
// Remember the caller's session and authentication so that they can be restored in finally.
IPentahoSession origPentahoSession = PentahoSessionHolder.getSession();
Authentication origAuthentication = SecurityContextHolder.getContext().getAuthentication();
// Presumably switches the current session and authentication to the repository admin carrying
// the new tenant admin role; login() is defined outside this method - confirm.
login(repositoryAdminUsername, tenantAdminRoleId);
try {
// Give all to Tenant Admin of all ancestors
// NOTE(review): the ancestor's admin role id is resolved with this method's tenantAdminRoleName
// parameter, i.e. the role name chosen for the NEW tenant. If an ancestor was created with a
// different admin role name, the entry would name a role that ancestor does not have - confirm.
while (!parentTenantFolder.equals("/")) {
ITenant tenant = new Tenant(parentTenantFolder, true);
String parentTenantAdminRoleId = tenantedRoleNameResolver.getPrincipleId(tenant, tenantAdminRoleName);
RepositoryFileSid parentTenantAdminSid = new RepositoryFileSid(parentTenantAdminRoleId, Type.ROLE);
aclBuilder.ace(parentTenantAdminSid, EnumSet.of(RepositoryFilePermission.ALL));
// Move one level up; the loop ends once the path has been reduced to "/".
parentTenantFolder = FilenameUtils.getFullPathNoEndSeparator(parentTenantFolder);
}
repositoryFileAclDao.updateAcl(aclBuilder.build());
} catch (Throwable th) {
// NOTE(review): every failure, including Error subclasses, is only printed to stderr and then
// dropped. The builder above also holds the new tenant's own admin entry, so when updateAcl
// fails the sub-tenant is still returned as created, but its root folder has neither that
// entry nor the ancestor entries. Consider logging through the platform logger and failing
// the call, or cleaning up, instead of continuing.
th.printStackTrace();
} finally {
// Always drop the elevated identity, whether or not the ACL update succeeded.
PentahoSessionHolder.setSession(origPentahoSession);
SecurityContextHolder.getContext().setAuthentication(origAuthentication);
}
}
// The initial folders are owned by the user who created the tenant.
try {
RepositoryFileSid fileOwnerSid = new RepositoryFileSid(tenantCreatorId);
createInitialTenantFolders(newTenant, tenantRootFolder, fileOwnerSid);
} catch (Exception ex) {
throw new RuntimeException("Error creating initial tenant folders", ex);
}
return newTenant;
}
use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-platform by pentaho.
the class AbstractJcrBackedUserRoleDao method createUserHomeFolder.
/**
 * Ensures that {@code username} has a home folder below the tenant's home folder, creating the
 * tenant home folder first when it does not exist yet. All repository access goes through the
 * supplied JCR {@code session}.
 *
 * <p>Tenant resolution: a {@code null} tenant is first looked up from the user name (and the
 * user name is reduced to its principal name); if the tenant is still {@code null} or has no id,
 * the current tenant is used, and after that the default tenant.
 *
 * <p>NOTE(review): because of that fallback chain, a user name whose tenant cannot be resolved
 * gets its folder in the current or the default tenant instead of being rejected - confirm that
 * callers rely on this.
 *
 * <p>Access control applied by this method: a new tenant home folder gets a READ entry for the
 * tenant's authenticated role; a new user home folder gets an ALL entry for the user. Both ACLs
 * are built from the user's SID. Existing folders keep their ACLs.
 *
 * <p>NOTE(review): the SID passed to {@code RepositoryFileAcl.Builder} is presumably the ACL
 * owner, which would make the first user to trigger creation the owner of the tenant-wide home
 * folder - confirm that this is intended.
 *
 * @param theTenant tenant that owns the user, or {@code null} to resolve it as described above
 * @param username user whose home folder is wanted
 * @param session JCR session used for the lookups and the folder creation
 * @return the user's home folder, or {@code null} when the tenant root folder does not exist
 * @throws RepositoryException declared by this method; presumably raised by the JCR helpers
 */
private RepositoryFile createUserHomeFolder(ITenant theTenant, String username, Session session)
    throws RepositoryException {
  if (theTenant == null) {
    // Derive the tenant from the full name first, then keep only the principal part of the name.
    theTenant = JcrTenantUtils.getTenant(username, true);
    username = JcrTenantUtils.getPrincipalName(username, true);
  }
  if (theTenant == null || theTenant.getId() == null) {
    theTenant = JcrTenantUtils.getCurrentTenant();
  }
  if (theTenant == null || theTenant.getId() == null) {
    theTenant = JcrTenantUtils.getDefaultTenant();
  }

  final RepositoryFileSid userSid =
      new RepositoryFileSid(tenantedUserNameUtils.getPrincipleId(theTenant, username));

  // Without a tenant root folder there is nowhere to create anything.
  final RepositoryFile tenantRootFolder = JcrRepositoryFileUtils.getFileByAbsolutePath(
      session, ServerRepositoryPaths.getTenantRootFolderPath(theTenant), pathConversionHelper, lockHelper, false, null);
  if (tenantRootFolder == null) {
    return null;
  }

  RepositoryFile tenantHomeFolder = JcrRepositoryFileUtils.getFileByAbsolutePath(
      session, ServerRepositoryPaths.getTenantHomeFolderPath(theTenant), pathConversionHelper, lockHelper, false, null);

  // The user-home ACL is prepared whether or not the tenant home folder exists.
  final RepositoryFileSid ownerSid =
      new RepositoryFileSid(tenantedUserNameUtils.getPrincipleId(theTenant, username), Type.USER);
  final Builder userHomeAcl =
      new RepositoryFileAcl.Builder(userSid).ace(ownerSid, EnumSet.of(RepositoryFilePermission.ALL));

  if (tenantHomeFolder == null) {
    // Every authenticated user of the tenant may read the shared home folder, nothing more.
    final RepositoryFileSid authenticatedRoleSid = new RepositoryFileSid(
        tenantedRoleNameUtils.getPrincipleId(theTenant, authenticatedRoleName), Type.ROLE);
    final Builder tenantHomeAcl = new RepositoryFileAcl.Builder(userSid)
        .ace(authenticatedRoleSid, EnumSet.of(RepositoryFilePermission.READ));
    tenantHomeFolder = internalCreateFolder(
        session,
        tenantRootFolder.getId(),
        new RepositoryFile.Builder(ServerRepositoryPaths.getTenantHomeFolderName())
            .folder(true)
            .title(Messages.getInstance().getString("AbstractJcrBackedUserRoleDao.usersFolderDisplayName")) // $NON-NLS-1$
            .build(),
        tenantHomeAcl.build(),
        "tenant home folder");
  }

  // Create the user's own folder only when it is not there yet.
  RepositoryFile userHomeFolder = JcrRepositoryFileUtils.getFileByAbsolutePath(
      session, ServerRepositoryPaths.getUserHomeFolderPath(theTenant, username), pathConversionHelper, lockHelper, false, null);
  if (userHomeFolder == null) {
    userHomeFolder = internalCreateFolder(
        session,
        tenantHomeFolder.getId(),
        new RepositoryFile.Builder(username).folder(true).build(),
        userHomeAcl.build(),
        "user home folder"); // $NON-NLS-1$
  }
  return userHomeFolder;
}