use of org.pentaho.platform.engine.security.acls.PentahoAclEntry in project pentaho-platform by pentaho.
the class SpringSecurityPermissionMgr method setPermission.
@SuppressWarnings("deprecation")
public void setPermission(final IPermissionRecipient permissionRecipient, final IPermissionMask permission, final Object object) {
if (object == null || !(object instanceof IAclHolder)) {
// i would argue that the "object" parameter should be IAclHolder!
return;
}
IAclHolder aclHolder = (IAclHolder) object;
PentahoAclEntry entry = new PentahoAclEntry();
// TODO mlowery instanceof is undesirable as it doesn't allow new concrete classes.
if (permissionRecipient instanceof SimpleRole) {
entry.setRecipient(new SimpleGrantedAuthority(permissionRecipient.getName()));
} else {
entry.setRecipient(permissionRecipient.getName());
}
entry.addPermission(permission.getMask());
// HibernateUtil.beginTransaction(); - This is now handled by the RepositoryFile
aclHolder.getAccessControls().add(entry);
// HibernateUtil.commitTransaction(); - This should be covered by the exitPoint call
}
use of org.pentaho.platform.engine.security.acls.PentahoAclEntry in project pentaho-platform by pentaho.
the class SpringSecurityPermissionMgr method setPermissions.
@SuppressWarnings("deprecation")
public void setPermissions(final Map<IPermissionRecipient, IPermissionMask> permissionsMap, final Object object) {
if (object == null || !(object instanceof IAclHolder)) {
// i would argue that the "object" parameter should be IAclHolder!
return;
}
IAclHolder aclHolder = (IAclHolder) object;
Set<Map.Entry<IPermissionRecipient, IPermissionMask>> mapEntrySet = permissionsMap.entrySet();
ArrayList<IPentahoAclEntry> aclList = new ArrayList<IPentahoAclEntry>();
for (Entry<IPermissionRecipient, IPermissionMask> mapEntry : mapEntrySet) {
PentahoAclEntry pentahoAclEntry = new PentahoAclEntry();
IPermissionRecipient permissionRecipient = mapEntry.getKey();
if (permissionRecipient instanceof SimpleRole) {
pentahoAclEntry.setRecipient(new SimpleGrantedAuthority(permissionRecipient.getName()));
} else {
pentahoAclEntry.setRecipient(permissionRecipient.getName());
}
pentahoAclEntry.addPermission(mapEntry.getValue().getMask());
aclList.add(pentahoAclEntry);
}
// HibernateUtil.beginTransaction(); - This is now handled in the RepositoryFile
aclHolder.resetAccessControls(aclList);
// HibernateUtil.commitTransaction(); - This is covered by the exitPoint
}
use of org.pentaho.platform.engine.security.acls.PentahoAclEntry in project pentaho-platform by pentaho.
the class AccessVoterToLegacyAcl method convert.
private LegacyRepositoryFile convert(RepositoryFile file, RepositoryFileAcl acl) {
LegacyRepositoryFile legacy = new LegacyRepositoryFile(file.getName(), file.getPath(), file.isFolder());
legacy.setId(file.getId());
if (file.getLastModifiedDate() != null) {
legacy.setLastModified(file.getLastModifiedDate().getTime());
}
List<IPentahoAclEntry> legacyAcls = new ArrayList<IPentahoAclEntry>();
for (RepositoryFileAce fileAce : acl.getAces()) {
if (fileAce != null && fileAce.getSid() != null && fileAce.getPermissions() != null) {
for (RepositoryFilePermission filePermission : fileAce.getPermissions()) {
PentahoAclEntry fileAcl = new PentahoAclEntry();
if (RepositoryFileSid.Type.USER == fileAce.getSid().getType()) {
// user
fileAcl.setRecipient(fileAce.getSid().getName());
} else {
// role
fileAcl.setRecipient(new SimpleGrantedAuthority(fileAce.getSid().getName()));
}
fileAcl.setMask(mask(filePermission));
legacyAcls.add(fileAcl);
}
}
}
legacy.setAccessControls(legacyAcls);
return legacy;
}
use of org.pentaho.platform.engine.security.acls.PentahoAclEntry in project pentaho-platform by pentaho.
the class TestPentahoAclEntryTest method testAcls.
@SuppressWarnings("deprecation")
public void testAcls() {
PentahoAclEntry aclEntry = null;
// $NON-NLS-1$
aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_NOTHING);
// $NON-NLS-1$
assertEquals(aclEntry.printPermissionsBlock(), "------");
// $NON-NLS-1$
aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_EXECUTE);
// $NON-NLS-1$
assertEquals(aclEntry.printPermissionsBlock(), "X-----");
// $NON-NLS-1$
aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_SUBSCRIBE);
// $NON-NLS-1$
assertEquals(aclEntry.printPermissionsBlock(), "-S----");
// $NON-NLS-1$
aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_CREATE);
// $NON-NLS-1$
assertEquals(aclEntry.printPermissionsBlock(), "--C---");
// $NON-NLS-1$
aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_UPDATE);
// $NON-NLS-1$
assertEquals(aclEntry.printPermissionsBlock(), "---U--");
// $NON-NLS-1$
aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_DELETE);
// $NON-NLS-1$
assertEquals(aclEntry.printPermissionsBlock(), "----D-");
// $NON-NLS-1$
aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_UPDATE_PERMS);
// $NON-NLS-1$
assertEquals(aclEntry.printPermissionsBlock(), "-----P");
// $NON-NLS-1$
aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_ADMINISTRATION);
// $NON-NLS-1$
assertEquals(aclEntry.printPermissionsBlock(), "--CUDP");
// $NON-NLS-1$
aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_EXECUTE_SUBSCRIBE);
// $NON-NLS-1$
assertEquals(aclEntry.printPermissionsBlock(), "XS----");
// $NON-NLS-1$
aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_ADMIN_ALL);
// $NON-NLS-1$
assertEquals(aclEntry.printPermissionsBlock(), "XSCUD-");
// $NON-NLS-1$
aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_SUBSCRIBE_ADMINISTRATION);
// $NON-NLS-1$
assertEquals(aclEntry.printPermissionsBlock(), "-SCUDP");
// $NON-NLS-1$
aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_EXECUTE_ADMINISTRATION);
// $NON-NLS-1$
assertEquals(aclEntry.printPermissionsBlock(), "X-CUDP");
// $NON-NLS-1$
aclEntry = new PentahoAclEntry("admin", IPentahoAclEntry.PERM_FULL_CONTROL);
// $NON-NLS-1$
assertEquals(aclEntry.printPermissionsBlock(), "XSCUDP");
// $NON-NLS-1$
aclEntry.setRecipient(new SimpleGrantedAuthority("ROLE_ADMIN"));
Object recip = aclEntry.getRecipient();
if (!(recip instanceof GrantedAuthority)) {
// $NON-NLS-1$
fail("setRecipientString failed - GrantedAuthority.");
}
// $NON-NLS-1$
aclEntry.setRecipient("suzy");
recip = aclEntry.getRecipient();
if (!(recip instanceof String)) {
// $NON-NLS-1$
fail("setRecipientString failed - User.");
}
}
use of org.pentaho.platform.engine.security.acls.PentahoAclEntry in project pentaho-platform by pentaho.
the class PentahoBasicAclVoter method getEffectiveAcl.
public PentahoAclEntry getEffectiveAcl(final IPentahoSession session, final IAclHolder holder) {
// First, get all the ACLs on the object that apply to the user.
IAclEntry[] effectiveAcls = getEffectiveAcls(session, holder);
PentahoAclEntry entry = new PentahoAclEntry();
entry.setMask(IPentahoAclEntry.PERM_NOTHING);
// indicates their access.
if ((effectiveAcls != null) && (effectiveAcls.length > 0)) {
int[] allAcls = new int[effectiveAcls.length];
for (int i = 0; i < effectiveAcls.length; i++) {
allAcls[i] = ((IPentahoAclEntry) effectiveAcls[i]).getMask();
}
entry.addPermissions(allAcls);
return entry;
} else {
return entry;
}
}
Aggregations