Search in sources :

Example 1 with SpringSecurityUserPrincipal

use of org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityUserPrincipal in project pentaho-platform by pentaho.

the class JcrRepositoryFileAclDao method internalUpdateAcl.

protected RepositoryFileAcl internalUpdateAcl(final Session session, final PentahoJcrConstants pentahoJcrConstants, final Serializable fileId, final RepositoryFileAcl acl) throws RepositoryException {
    if (isKioskEnabled()) {
        // $NON-NLS-1$
        throw new RuntimeException(Messages.getInstance().getString("JcrRepositoryFileDao.ERROR_0006_ACCESS_DENIED"));
    }
    DefaultPermissionConversionHelper permissionConversionHelper = new DefaultPermissionConversionHelper(session);
    Node node = session.getNodeByIdentifier(fileId.toString());
    if (node == null) {
        throw new RepositoryException(Messages.getInstance().getString("JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND", // $NON-NLS-1$
        fileId.toString()));
    }
    String absPath = node.getPath();
    AccessControlManager acMgr = session.getAccessControlManager();
    AccessControlList acList = getAccessControlList(acMgr, absPath);
    // clear all entries
    AccessControlEntry[] acEntries = acList.getAccessControlEntries();
    for (int i = 0; i < acEntries.length; i++) {
        acList.removeAccessControlEntry(acEntries[i]);
    }
    JcrRepositoryFileAclUtils.setAclMetadata(session, absPath, acList, new AclMetadata(acl.getOwner().getName(), acl.isEntriesInheriting()));
    // add entries to now empty list but only if not inheriting; force user to start with clean slate
    boolean adminPrincipalExist = false;
    ITenant principalTenant = null;
    if (!acl.isEntriesInheriting()) {
        for (RepositoryFileAce ace : acl.getAces()) {
            Principal principal = null;
            if (RepositoryFileSid.Type.ROLE == ace.getSid().getType()) {
                String principalName = JcrTenantUtils.getRoleNameUtils().getPrincipleName(ace.getSid().getName());
                if (tenantAdminAuthorityName.equals(principalName)) {
                    adminPrincipalExist = true;
                }
                principal = new SpringSecurityRolePrincipal(JcrTenantUtils.getTenantedRole(ace.getSid().getName()));
            } else {
                principal = new SpringSecurityUserPrincipal(JcrTenantUtils.getTenantedUser(ace.getSid().getName()));
            }
            acList.addAccessControlEntry(principal, permissionConversionHelper.pentahoPermissionsToPrivileges(session, ace.getPermissions()));
        }
        if (!adminPrincipalExist) {
            if (acl.getAces() != null && acl.getAces().size() > 0) {
                principalTenant = JcrTenantUtils.getRoleNameUtils().getTenant(acl.getAces().get(0).getSid().getName());
            }
            if (principalTenant == null || principalTenant.getId() == null) {
                principalTenant = JcrTenantUtils.getTenant();
            }
            List<RepositoryFilePermission> permissionList = new ArrayList<RepositoryFilePermission>();
            permissionList.add(RepositoryFilePermission.ALL);
            Principal adminPrincipal = new SpringSecurityRolePrincipal(JcrTenantUtils.getRoleNameUtils().getPrincipleId(principalTenant, tenantAdminAuthorityName));
            acList.addAccessControlEntry(adminPrincipal, permissionConversionHelper.pentahoPermissionsToPrivileges(session, EnumSet.copyOf(permissionList)));
        }
    }
    acMgr.setPolicy(absPath, acList);
    session.save();
    return getAcl(fileId);
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) Node(javax.jcr.Node) AclMetadata(org.pentaho.platform.repository2.unified.jcr.IAclMetadataStrategy.AclMetadata) ArrayList(java.util.ArrayList) AccessControlEntry(javax.jcr.security.AccessControlEntry) RepositoryException(javax.jcr.RepositoryException) ITenant(org.pentaho.platform.api.mt.ITenant) SpringSecurityRolePrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityRolePrincipal) RepositoryFilePermission(org.pentaho.platform.api.repository2.unified.RepositoryFilePermission) SpringSecurityRolePrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityRolePrincipal) SpringSecurityUserPrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityUserPrincipal) Principal(java.security.Principal) SpringSecurityUserPrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityUserPrincipal)

Example 2 with SpringSecurityUserPrincipal

use of org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityUserPrincipal in project pentaho-platform by pentaho.

the class JcrRepositoryFileAclUtils method internalUpdateAcl.

private static RepositoryFileAcl internalUpdateAcl(final Session session, final PentahoJcrConstants pentahoJcrConstants, final Serializable fileId, final RepositoryFileAcl acl) throws RepositoryException {
    Node node = session.getNodeByIdentifier(fileId.toString());
    if (node == null) {
        // $NON-NLS-1$
        throw new RepositoryException("Node not found");
    }
    String absPath = node.getPath();
    AccessControlManager acMgr = session.getAccessControlManager();
    AccessControlList acList = getAccessControlList(acMgr, absPath);
    // clear all entries
    AccessControlEntry[] acEntries = acList.getAccessControlEntries();
    for (int i = 0; i < acEntries.length; i++) {
        acList.removeAccessControlEntry(acEntries[i]);
    }
    JcrRepositoryFileAclUtils.setAclMetadata(session, absPath, acList, new AclMetadata(acl.getOwner().getName(), acl.isEntriesInheriting()));
    // add entries to now empty list but only if not inheriting; force user to start with clean slate
    if (!acl.isEntriesInheriting()) {
        for (RepositoryFileAce ace : acl.getAces()) {
            Principal principal = null;
            if (RepositoryFileSid.Type.ROLE == ace.getSid().getType()) {
                principal = new SpringSecurityRolePrincipal(JcrTenantUtils.getTenantedRole(ace.getSid().getName()));
            } else {
                principal = new SpringSecurityUserPrincipal(JcrTenantUtils.getTenantedUser(ace.getSid().getName()));
            }
            IPermissionConversionHelper permissionConversionHelper = new DefaultPermissionConversionHelper(session);
            acList.addAccessControlEntry(principal, permissionConversionHelper.pentahoPermissionsToPrivileges(session, ace.getPermissions()));
        }
    }
    acMgr.setPolicy(absPath, acList);
    session.save();
    return getAcl(session, pentahoJcrConstants, fileId);
}
Also used : AccessControlManager(javax.jcr.security.AccessControlManager) AccessControlList(javax.jcr.security.AccessControlList) RepositoryFileAce(org.pentaho.platform.api.repository2.unified.RepositoryFileAce) Node(javax.jcr.Node) AclMetadata(org.pentaho.platform.repository2.unified.jcr.IAclMetadataStrategy.AclMetadata) AccessControlEntry(javax.jcr.security.AccessControlEntry) RepositoryException(javax.jcr.RepositoryException) IPermissionConversionHelper(org.pentaho.platform.repository2.unified.jcr.JcrRepositoryFileAclDao.IPermissionConversionHelper) SpringSecurityRolePrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityRolePrincipal) SpringSecurityRolePrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityRolePrincipal) SpringSecurityUserPrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityUserPrincipal) Principal(java.security.Principal) SpringSecurityUserPrincipal(org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityUserPrincipal)

Aggregations

Principal (java.security.Principal)2 Node (javax.jcr.Node)2 RepositoryException (javax.jcr.RepositoryException)2 AccessControlEntry (javax.jcr.security.AccessControlEntry)2 AccessControlList (javax.jcr.security.AccessControlList)2 AccessControlManager (javax.jcr.security.AccessControlManager)2 RepositoryFileAce (org.pentaho.platform.api.repository2.unified.RepositoryFileAce)2 AclMetadata (org.pentaho.platform.repository2.unified.jcr.IAclMetadataStrategy.AclMetadata)2 SpringSecurityRolePrincipal (org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityRolePrincipal)2 SpringSecurityUserPrincipal (org.pentaho.platform.repository2.unified.jcr.jackrabbit.security.SpringSecurityUserPrincipal)2 ArrayList (java.util.ArrayList)1 ITenant (org.pentaho.platform.api.mt.ITenant)1 RepositoryFilePermission (org.pentaho.platform.api.repository2.unified.RepositoryFilePermission)1 IPermissionConversionHelper (org.pentaho.platform.repository2.unified.jcr.JcrRepositoryFileAclDao.IPermissionConversionHelper)1