Example 36 with RepositoryFileSid

use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-platform by pentaho.

the class RepositoryTenantManager method createInitialTenantFolders.

protected void createInitialTenantFolders(ITenant tenant, final RepositoryFile tenantRootFolder, final RepositoryFileSid fileOwnerSid) throws RepositoryException {
    // We create a tenant's home folder while creating a user
    createPublicFolder(tenant, tenantRootFolder, fileOwnerSid);
    RepositoryFile etcFolder = createEtcFolder(tenant, tenantRootFolder, fileOwnerSid);
    createHomeFolder(tenant, tenantRootFolder, fileOwnerSid);
    setAsSystemFolder(etcFolder.getId());
}
Also used : RepositoryFile(org.pentaho.platform.api.repository2.unified.RepositoryFile)

Example 37 with RepositoryFileSid

use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-platform by pentaho.

the class RepositoryTenantManager method createEtcFolder.

private RepositoryFile createEtcFolder(ITenant tenant, RepositoryFile tenantRootFolder, RepositoryFileSid fileOwnerSid) {
    String tenantAuthenticatedRoleId = tenantedRoleNameResolver.getPrincipleId(tenant, tenantAuthenticatedRoleName);
    RepositoryFileSid tenantAuthenticatedRoleSid = new RepositoryFileSid(tenantAuthenticatedRoleId, Type.ROLE);
    String tenantAdminRoleId = tenantedRoleNameResolver.getPrincipleId(tenant, tenantAdminRoleName);
    RepositoryFileSid tenantAdminRoleSid = new RepositoryFileSid(tenantAdminRoleId, Type.ROLE);
    RepositoryFile etcFolder = repositoryFileDao.createFolder(tenantRootFolder.getId(), new RepositoryFile.Builder(ServerRepositoryPaths.getTenantEtcFolderName()).folder(true).build(), new RepositoryFileAcl.Builder(fileOwnerSid).entriesInheriting(true).ace(tenantAuthenticatedRoleSid, EnumSet.of(RepositoryFilePermission.READ)).ace(tenantAdminRoleSid, EnumSet.of(RepositoryFilePermission.ALL)).build(), null);
    RepositoryFile pdiFolder = repositoryFileDao.createFolder(etcFolder.getId(), new RepositoryFile.Builder("pdi").folder(true).build(), new RepositoryFileAcl.Builder(fileOwnerSid).entriesInheriting(true).build(), null);
    repositoryFileDao.createFolder(pdiFolder.getId(), new RepositoryFile.Builder("databases").folder(true).build(), new RepositoryFileAcl.Builder(fileOwnerSid).entriesInheriting(true).build(), null);
    repositoryFileDao.createFolder(pdiFolder.getId(), new RepositoryFile.Builder("slaveServers").folder(true).build(), new RepositoryFileAcl.Builder(fileOwnerSid).entriesInheriting(true).build(), null);
    repositoryFileDao.createFolder(pdiFolder.getId(), new RepositoryFile.Builder("clusterSchemas").folder(true).build(), new RepositoryFileAcl.Builder(fileOwnerSid).entriesInheriting(true).build(), null);
    repositoryFileDao.createFolder(pdiFolder.getId(), new RepositoryFile.Builder("partitionSchemas").folder(true).build(), new RepositoryFileAcl.Builder(fileOwnerSid).entriesInheriting(true).build(), null);
    repositoryFileDao.createFolder(etcFolder.getId(), new RepositoryFile.Builder("metastore").folder(true).build(), new RepositoryFileAcl.Builder(fileOwnerSid).entriesInheriting(true).build(), null);
    return etcFolder;
}
Also used : RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) Builder(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl.Builder) RepositoryFile(org.pentaho.platform.api.repository2.unified.RepositoryFile) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)

Example 38 with RepositoryFileSid

use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-platform by pentaho.

the class JcrRepositoryFileAclDao method toAcl.

private RepositoryFileAcl toAcl(final Session session, final PentahoJcrConstants pentahoJcrConstants, final Serializable id) throws RepositoryException {
    Node node = session.getNodeByIdentifier(id.toString());
    if (node == null) {
        throw new RepositoryException(Messages.getInstance().getString("JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND", // $NON-NLS-1$
        id.toString()));
    }
    String absPath = node.getPath();
    AccessControlManager acMgr = session.getAccessControlManager();
    AccessControlList acList = getAccessControlList(acMgr, absPath);
    RepositoryFileSid owner = null;
    String ownerString = getOwner(session, absPath, acList);
    if (ownerString != null) {
        // for now, just assume all owners are users; only has UI impact
        owner = new RepositoryFileSid(JcrTenantUtils.getUserNameUtils().getPrincipleName(ownerString), RepositoryFileSid.Type.USER);
    }
    RepositoryFileAcl.Builder aclBuilder = new RepositoryFileAcl.Builder(id, owner);
    aclBuilder.entriesInheriting(isEntriesInheriting(session, absPath, acList));
    List<AccessControlEntry> cleanedAcEntries = JcrRepositoryFileAclUtils.removeAclMetadata(Arrays.asList(acList.getAccessControlEntries()));
    for (AccessControlEntry acEntry : cleanedAcEntries) {
        if (!acEntry.getPrincipal().equals(new SpringSecurityRolePrincipal(JcrTenantUtils.getTenantedRole(tenantAdminAuthorityName)))) {
            aclBuilder.ace(toAce(session, acEntry));
        }
    }
    return aclBuilder.build();
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) SpringSecurityRolePrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityRolePrincipal) Node(javax.jcr.Node) AccessControlEntry(javax.jcr.security.AccessControlEntry) RepositoryException(javax.jcr.RepositoryException) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)

Example 39 with RepositoryFileSid

use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-platform by pentaho.

the class JcrRepositoryFileUtils method createFolder.

public static RepositoryFile createFolder(final Session session, final CredentialsStrategySessionFactory sessionFactory, final RepositoryFile parentFolder, final RepositoryFile folder, final boolean inheritAces, final RepositoryFileSid ownerSid, final IPathConversionHelper pathConversionHelper, final String versionMessage) throws RepositoryException {
    Serializable parentFolderId = parentFolder == null ? null : parentFolder.getId();
    PentahoJcrConstants pentahoJcrConstants = new PentahoJcrConstants(session);
    JcrRepositoryFileUtils.checkoutNearestVersionableFileIfNecessary(session, pentahoJcrConstants, parentFolderId);
    Node folderNode = createFolderNode(session, pentahoJcrConstants, parentFolderId, folder);
    session.save();
    JcrRepositoryFileAclUtils.createAcl(session, pentahoJcrConstants, folderNode.getIdentifier(), new RepositoryFileAcl.Builder(ownerSid).entriesInheriting(inheritAces).build());
    session.save();
    if (folder.isVersioned()) {
        JcrRepositoryFileUtils.checkinNearestVersionableNodeIfNecessary(session, pentahoJcrConstants, folderNode, versionMessage);
    }
    JcrRepositoryFileUtils.checkinNearestVersionableFileIfNecessary(session, pentahoJcrConstants, parentFolderId, Messages.getInstance().getString("JcrRepositoryFileDao.USER_0001_VER_COMMENT_ADD_FOLDER", folder.getName(), // $NON-NLS-1$ //$NON-NLS-2$
    (parentFolderId == null ? "root" : parentFolderId.toString())));
    return JcrRepositoryFileUtils.getFileById(session, pentahoJcrConstants, pathConversionHelper, null, folderNode.getIdentifier());
}
Also used : Serializable(java.io.Serializable) Node(javax.jcr.Node) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl)

Example 40 with RepositoryFileSid

use of org.pentaho.platform.api.repository2.unified.RepositoryFileSid in project pentaho-platform by pentaho.

the class DefaultUnifiedRepositoryBase method createUserHomeFolder.

protected void createUserHomeFolder(final ITenant theTenant, final String theUsername) {
    IPentahoSession origPentahoSession = PentahoSessionHolder.getSession();
    Authentication origAuthentication = SecurityContextHolder.getContext().getAuthentication();
    StandaloneSession pentahoSession = new StandaloneSession(repositoryAdminUsername);
    pentahoSession.setAuthenticated(null, repositoryAdminUsername);
    PentahoSessionHolder.setSession(pentahoSession);
    try {
        txnTemplate.execute(new TransactionCallbackWithoutResult() {

            public void doInTransactionWithoutResult(final TransactionStatus status) {
                RepositoryFileAcl.Builder aclsForUserHomeFolder = null;
                RepositoryFileAcl.Builder aclsForTenantHomeFolder = null;
                ITenant tenant = null;
                String username = null;
                if (theTenant == null) {
                    tenant = getTenant(username, true);
                    username = getPrincipalName(theUsername, true);
                } else {
                    tenant = theTenant;
                    username = theUsername;
                }
                if (tenant == null || tenant.getId() == null) {
                    tenant = getCurrentTenant();
                }
                if (tenant == null || tenant.getId() == null) {
                    tenant = JcrTenantUtils.getDefaultTenant();
                }
                RepositoryFile userHomeFolder = null;
                String userId = userNameUtils.getPrincipleId(theTenant, username);
                final RepositoryFileSid userSid = new RepositoryFileSid(userId);
                RepositoryFile tenantHomeFolder = null;
                RepositoryFile tenantRootFolder = null;
                // Get the Tenant Root folder. If the Tenant Root folder does not exist then exit.
                tenantRootFolder = repositoryFileDao.getFileByAbsolutePath(ServerRepositoryPaths.getTenantRootFolderPath(theTenant));
                if (tenantRootFolder != null) {
                    // Try to see if Tenant Home folder exist
                    tenantHomeFolder = repositoryFileDao.getFileByAbsolutePath(ServerRepositoryPaths.getTenantHomeFolderPath(theTenant));
                    if (tenantHomeFolder == null) {
                        String ownerId = userNameUtils.getPrincipleId(theTenant, username);
                        RepositoryFileSid ownerSid = new RepositoryFileSid(ownerId, RepositoryFileSid.Type.USER);
                        String tenantAuthenticatedRoleId = roleNameUtils.getPrincipleId(theTenant, tenantAuthenticatedRoleName);
                        RepositoryFileSid tenantAuthenticatedRoleSid = new RepositoryFileSid(tenantAuthenticatedRoleId, RepositoryFileSid.Type.ROLE);
                        aclsForTenantHomeFolder = new RepositoryFileAcl.Builder(userSid).ace(tenantAuthenticatedRoleSid, EnumSet.of(RepositoryFilePermission.READ));
                        aclsForUserHomeFolder = new RepositoryFileAcl.Builder(userSid).ace(ownerSid, EnumSet.of(RepositoryFilePermission.ALL));
                        tenantHomeFolder = repositoryFileDao.createFolder(tenantRootFolder.getId(), new RepositoryFile.Builder(ServerRepositoryPaths.getTenantHomeFolderName()).folder(true).build(), aclsForTenantHomeFolder.build(), "tenant home folder");
                    } else {
                        String ownerId = userNameUtils.getPrincipleId(theTenant, username);
                        RepositoryFileSid ownerSid = new RepositoryFileSid(ownerId, RepositoryFileSid.Type.USER);
                        aclsForUserHomeFolder = new RepositoryFileAcl.Builder(userSid).ace(ownerSid, EnumSet.of(RepositoryFilePermission.ALL));
                    }
                    // now check if user's home folder exist
                    userHomeFolder = repositoryFileDao.getFileByAbsolutePath(ServerRepositoryPaths.getUserHomeFolderPath(theTenant, username));
                    if (userHomeFolder == null) {
                        userHomeFolder = repositoryFileDao.createFolder(tenantHomeFolder.getId(), new RepositoryFile.Builder(username).folder(true).build(), aclsForUserHomeFolder.build(), // $NON-NLS-1$
                        "user home folder");
                    }
                }
            }
        });
    } finally {
        // Switch our identity back to the original user.
        PentahoSessionHolder.setSession(origPentahoSession);
        SecurityContextHolder.getContext().setAuthentication(origAuthentication);
    }
}
Also used : StandaloneSession(org.pentaho.platform.engine.core.system.StandaloneSession) IPentahoSession(org.pentaho.platform.api.engine.IPentahoSession) TransactionStatus(org.springframework.transaction.TransactionStatus) RepositoryFileSid(org.pentaho.platform.api.repository2.unified.RepositoryFileSid) ITenant(org.pentaho.platform.api.mt.ITenant) Authentication(org.springframework.security.core.Authentication) RepositoryFile(org.pentaho.platform.api.repository2.unified.RepositoryFile) RepositoryFileAcl(org.pentaho.platform.api.repository2.unified.RepositoryFileAcl) TransactionCallbackWithoutResult(org.springframework.transaction.support.TransactionCallbackWithoutResult)

Aggregations

RepositoryFileSid (org.pentaho.platform.api.repository2.unified.RepositoryFileSid) 37
RepositoryFileAcl (org.pentaho.platform.api.repository2.unified.RepositoryFileAcl) 30
RepositoryFile (org.pentaho.platform.api.repository2.unified.RepositoryFile) 25
ITenant (org.pentaho.platform.api.mt.ITenant) 15
Test (org.junit.Test) 12
RepositoryFileAce (org.pentaho.platform.api.repository2.unified.RepositoryFileAce) 10
Builder (org.pentaho.platform.api.repository2.unified.RepositoryFileAcl.Builder) 7
Matchers.anyString (org.mockito.Matchers.anyString) 5
ArrayList (java.util.ArrayList) 4
UnifiedRepositoryException (org.pentaho.platform.api.repository2.unified.UnifiedRepositoryException) 4
Serializable (java.io.Serializable) 3
Node (javax.jcr.Node) 3
RepositoryException (javax.jcr.RepositoryException) 3
IPentahoSession (org.pentaho.platform.api.engine.IPentahoSession) 3
RepositoryFilePermission (org.pentaho.platform.api.repository2.unified.RepositoryFilePermission) 3
StandaloneSession (org.pentaho.platform.engine.core.system.StandaloneSession) 3
SpringSecurityRolePrincipal (org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityRolePrincipal) 3
Authentication (org.springframework.security.core.Authentication) 3
TransactionStatus (org.springframework.transaction.TransactionStatus) 3
TransactionCallbackWithoutResult (org.springframework.transaction.support.TransactionCallbackWithoutResult) 3