Examples with PentahoAclEntry org.pentaho.platform.engine.security.acls.PentahoAclEntry used on opensource projects

Example 1 with PentahoAclEntry

use of org.pentaho.platform.engine.security.acls.PentahoAclEntry in project pentaho-platform by pentaho.

the class SpringSecurityPermissionMgr method setPermission.

@SuppressWarnings("deprecation")
public void setPermission(final IPermissionRecipient permissionRecipient, final IPermissionMask permission, final Object object) {
    if (object == null || !(object instanceof IAclHolder)) {
        // i would argue that the "object" parameter should be IAclHolder!
        return;
    }
    IAclHolder aclHolder = (IAclHolder) object;
    PentahoAclEntry entry = new PentahoAclEntry();
    // TODO mlowery instanceof is undesirable as it doesn't allow new concrete classes.
    if (permissionRecipient instanceof SimpleRole) {
        entry.setRecipient(new SimpleGrantedAuthority(permissionRecipient.getName()));
    } else {
        entry.setRecipient(permissionRecipient.getName());
    }
    entry.addPermission(permission.getMask());
    // HibernateUtil.beginTransaction(); - This is now handled by the RepositoryFile
    aclHolder.getAccessControls().add(entry);
// HibernateUtil.commitTransaction(); - This should be covered by the exitPoint call
}

Example 2 with PentahoAclEntry

use of org.pentaho.platform.engine.security.acls.PentahoAclEntry in project pentaho-platform by pentaho.

the class SpringSecurityPermissionMgr method setPermissions.

@SuppressWarnings("deprecation")
public void setPermissions(final Map<IPermissionRecipient, IPermissionMask> permissionsMap, final Object object) {
    if (object == null || !(object instanceof IAclHolder)) {
        // i would argue that the "object" parameter should be IAclHolder!
        return;
    }
    IAclHolder aclHolder = (IAclHolder) object;
    Set<Map.Entry<IPermissionRecipient, IPermissionMask>> mapEntrySet = permissionsMap.entrySet();
    ArrayList<IPentahoAclEntry> aclList = new ArrayList<IPentahoAclEntry>();
    for (Entry<IPermissionRecipient, IPermissionMask> mapEntry : mapEntrySet) {
        PentahoAclEntry pentahoAclEntry = new PentahoAclEntry();
        IPermissionRecipient permissionRecipient = mapEntry.getKey();
        if (permissionRecipient instanceof SimpleRole) {
            pentahoAclEntry.setRecipient(new SimpleGrantedAuthority(permissionRecipient.getName()));
        } else {
            pentahoAclEntry.setRecipient(permissionRecipient.getName());
        }
        pentahoAclEntry.addPermission(mapEntry.getValue().getMask());
        aclList.add(pentahoAclEntry);
    }
    // HibernateUtil.beginTransaction(); - This is now handled in the RepositoryFile
    aclHolder.resetAccessControls(aclList);
// HibernateUtil.commitTransaction(); - This is covered by the exitPoint
}

Example 3 with PentahoAclEntry

use of org.pentaho.platform.engine.security.acls.PentahoAclEntry in project pentaho-platform by pentaho.

the class AccessVoterToLegacyAcl method convert.

private LegacyRepositoryFile convert(RepositoryFile file, RepositoryFileAcl acl) {
    LegacyRepositoryFile legacy = new LegacyRepositoryFile(file.getName(), file.getPath(), file.isFolder());
    legacy.setId(file.getId());
    if (file.getLastModifiedDate() != null) {
        legacy.setLastModified(file.getLastModifiedDate().getTime());
    }
    List<IPentahoAclEntry> legacyAcls = new ArrayList<IPentahoAclEntry>();
    for (RepositoryFileAce fileAce : acl.getAces()) {
        if (fileAce != null && fileAce.getSid() != null && fileAce.getPermissions() != null) {
            for (RepositoryFilePermission filePermission : fileAce.getPermissions()) {
                PentahoAclEntry fileAcl = new PentahoAclEntry();
                if (RepositoryFileSid.Type.USER == fileAce.getSid().getType()) {
                    // user
                    fileAcl.setRecipient(fileAce.getSid().getName());
                } else {
                    // role
                    fileAcl.setRecipient(new SimpleGrantedAuthority(fileAce.getSid().getName()));
                }
                fileAcl.setMask(mask(filePermission));
                legacyAcls.add(fileAcl);
            }
        }
    }
    legacy.setAccessControls(legacyAcls);
    return legacy;
}

Example 4 with PentahoAclEntry

use of org.pentaho.platform.engine.security.acls.PentahoAclEntry in project pentaho-platform by pentaho.

the class TestPentahoAclEntryTest method testAcls.

@SuppressWarnings("deprecation")
public void testAcls() {
    PentahoAclEntry aclEntry = null;
    // $NON-NLS-1$
    aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_NOTHING);
    // $NON-NLS-1$
    assertEquals(aclEntry.printPermissionsBlock(), "------");
    // $NON-NLS-1$
    aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_EXECUTE);
    // $NON-NLS-1$
    assertEquals(aclEntry.printPermissionsBlock(), "X-----");
    // $NON-NLS-1$
    aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_SUBSCRIBE);
    // $NON-NLS-1$
    assertEquals(aclEntry.printPermissionsBlock(), "-S----");
    // $NON-NLS-1$
    aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_CREATE);
    // $NON-NLS-1$
    assertEquals(aclEntry.printPermissionsBlock(), "--C---");
    // $NON-NLS-1$
    aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_UPDATE);
    // $NON-NLS-1$
    assertEquals(aclEntry.printPermissionsBlock(), "---U--");
    // $NON-NLS-1$
    aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_DELETE);
    // $NON-NLS-1$
    assertEquals(aclEntry.printPermissionsBlock(), "----D-");
    // $NON-NLS-1$
    aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_UPDATE_PERMS);
    // $NON-NLS-1$
    assertEquals(aclEntry.printPermissionsBlock(), "-----P");
    // $NON-NLS-1$
    aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_ADMINISTRATION);
    // $NON-NLS-1$
    assertEquals(aclEntry.printPermissionsBlock(), "--CUDP");
    // $NON-NLS-1$
    aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_EXECUTE_SUBSCRIBE);
    // $NON-NLS-1$
    assertEquals(aclEntry.printPermissionsBlock(), "XS----");
    // $NON-NLS-1$
    aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_ADMIN_ALL);
    // $NON-NLS-1$
    assertEquals(aclEntry.printPermissionsBlock(), "XSCUD-");
    // $NON-NLS-1$
    aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_SUBSCRIBE_ADMINISTRATION);
    // $NON-NLS-1$
    assertEquals(aclEntry.printPermissionsBlock(), "-SCUDP");
    // $NON-NLS-1$
    aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_EXECUTE_ADMINISTRATION);
    // $NON-NLS-1$
    assertEquals(aclEntry.printPermissionsBlock(), "X-CUDP");
    // $NON-NLS-1$
    aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_FULL_CONTROL);
    // $NON-NLS-1$
    assertEquals(aclEntry.printPermissionsBlock(), "XSCUDP");
    // $NON-NLS-1$
    aclEntry.setRecipient(new SimpleGrantedAuthority("ROLE_ADMIN"));
    Object recip = aclEntry.getRecipient();
    if (!(recip instanceof GrantedAuthority)) {
        // $NON-NLS-1$
        fail("setRecipientString failed - GrantedAuthority.");
    }
    // $NON-NLS-1$
    aclEntry.setRecipient("suzy");
    recip = aclEntry.getRecipient();
    if (!(recip instanceof String)) {
        // $NON-NLS-1$
        fail("setRecipientString failed - User.");
    }
}

Example 5 with PentahoAclEntry

use of org.pentaho.platform.engine.security.acls.PentahoAclEntry in project pentaho-platform by pentaho.

the class PentahoBasicAclVoter method getEffectiveAcl.

public PentahoAclEntry getEffectiveAcl(final IPentahoSession session, final IAclHolder holder) {
    // First, get all the ACLs on the object that apply to the user.
    IAclEntry[] effectiveAcls = getEffectiveAcls(session, holder);
    PentahoAclEntry entry = new PentahoAclEntry();
    entry.setMask(IPentahoAclEntry.PERM_NOTHING);
    // indicates their access.
    if ((effectiveAcls != null) && (effectiveAcls.length > 0)) {
        int[] allAcls = new int[effectiveAcls.length];
        for (int i = 0; i < effectiveAcls.length; i++) {
            allAcls[i] = ((IPentahoAclEntry) effectiveAcls[i]).getMask();
        }
        entry.addPermissions(allAcls);
        return entry;
    } else {
        return entry;
    }
}