/**
 * Removes every access control entry held by the given authority.
 *
 * @param authority the authority whose entries are deleted
 */
public void deletePermissions(String authority)
{
    // The DAO returns the list of ACL changes, but it is deliberately dropped:
    // deleting an authority does not cause all acls to version.
    // NOTE(review): because the change list is discarded, nothing in this method
    // calls updateChangedAcls; confirm that any permission cache keyed on ACL id
    // or version is invalidated elsewhere, so a removed authority cannot keep a
    // stale grant.
    aclDaoComponent.deleteAccessControlEntries(authority);
}
if(inheritsFrom != null) inheritsFrom = aclDaoComponent.getInheritedAccessControlList(inheritsFrom); getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getAcl(inheritsFrom)); List<AclChange> changes = new ArrayList<AclChange>(); changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, inheritsFrom, aclDaoComponent.getInheritedAccessControlList(acl.getId()))); getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes); aclDaoComponent.deleteAccessControlList(acl.getId());
/**
 * Switches inheritance of parent permissions on or off for a node.
 *
 * Returns without touching anything when the node has no ACL and the requested
 * value equals {@code INHERIT_PERMISSIONS_DEFAULT}, or when the node's ACL
 * already reports the requested value. Otherwise the node's mutable ACL is
 * obtained, inheritance is enabled or disabled on it, and the changes from both
 * steps are handed to {@code updateChangedAcls}.
 *
 * @param nodeRef the node whose inheritance flag is changed
 * @param inheritParentPermissions {@code true} to inherit from the parent, {@code false} to stop
 */
public void setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions)
{
    Acl current = getAccessControlList(nodeRef);
    if (current == null)
    {
        // No ACL yet and the caller asks for the default: nothing to record.
        if (inheritParentPermissions == INHERIT_PERMISSIONS_DEFAULT)
        {
            return;
        }
    }
    else if (current.getInherits() == inheritParentPermissions)
    {
        // Already in the requested state.
        return;
    }

    CreationReport report = getMutableAccessControlList(nodeRef);

    List<AclChange> inheritanceChanges;
    if (inheritParentPermissions)
    {
        Long parentAcl = getACLDAO(nodeRef).getInheritedAcl(nodeRef);
        inheritanceChanges = aclDaoComponent.enableInheritance(report.getCreated().getId(), parentAcl);
    }
    else
    {
        // NOTE(review): the meaning of the second argument (false) is not visible
        // here. Confirm whether it controls copying of previously inherited entries
        // onto the node, since that decides who keeps access once inheritance is off.
        inheritanceChanges = aclDaoComponent.disableInheritance(report.getCreated().getId(), false);
    }

    // Creation changes go first, then the inheritance changes, as one batch.
    List<AclChange> creationChanges = report.getChanges();
    List<AclChange> combined = new ArrayList<AclChange>(inheritanceChanges.size() + creationChanges.size());
    combined.addAll(creationChanges);
    combined.addAll(inheritanceChanges);
    getACLDAO(nodeRef).updateChangedAcls(nodeRef, combined);
}
Long newParentSharedAclId = aclDaoComponent.getInheritedAccessControlList(newParentAclId); setFixedAcls(childNodeId, newParentSharedAclId, null, null, changes, true); Acl acl = aclDaoComponent.getAcl(childAclId); if (acl != null && acl.getInherits()) Long oldParentSharedAclId = aclDaoComponent.getInheritedAccessControlList(oldParentAclId); Long sharedAclchildInheritsFrom = acl.getInheritsFrom(); if(childAclId.equals(oldParentSharedAclId)) Long newParentSharedAclId = aclDaoComponent.getInheritedAccessControlList(newParentAclId); setFixedAcls(childNodeId, newParentSharedAclId, null, childAclId, changes, true); Long newParentSharedAclId = aclDaoComponent.getInheritedAccessControlList(newParentAclId); @SuppressWarnings("unused") List<AclChange> newChanges = aclDaoComponent.mergeInheritedAccessControlList(newParentSharedAclId, childAclId);
aclDAO.setCheckAclConsistency(); readers.setDenied(deniedSet); Long aclChangeSetId = aclDAO.getAccessControlList(aclId).getProperties().getAclChangeSetId(); readers.setAclChangeSetId(aclChangeSetId);
properties.setAclType(ACLType.DEFINING); properties.setVersioned(true); Long def1 = aclDaoComponent.createAccessControlList(properties).getId(); Long shared1 = aclDaoComponent.getInheritedAccessControlList(def1); Long def2 = aclDaoComponent.createAccessControlList(properties).getId(); aclDaoComponent.mergeInheritedAccessControlList(shared1, def2); Long shared2 = aclDaoComponent.getInheritedAccessControlList(def2); Long def3 = aclDaoComponent.createAccessControlList(properties).getId(); aclDaoComponent.mergeInheritedAccessControlList(shared2, def3); Long shared3 = aclDaoComponent.getInheritedAccessControlList(def3); assertEquals(aclDaoComponent.getAccessControlList(def1).getEntries().size(), 0); assertEquals(aclDaoComponent.getAccessControlList(shared1).getEntries().size(), 0); assertEquals(aclDaoComponent.getAccessControlList(def2).getEntries().size(), 0); assertEquals(aclDaoComponent.getAccessControlList(shared1).getEntries().size(), 0); assertEquals(aclDaoComponent.getAccessControlList(def3).getEntries().size(), 0); assertEquals(aclDaoComponent.getAccessControlList(shared1).getEntries().size(), 0); ace1.setPermission(new SimplePermissionReference(QName.createQName("uri", "local"), "Write")); ace1.setPosition(null); aclDaoComponent.setAccessControlEntry(def1, ace1); assertEquals(aclDaoComponent.getAccessControlList(def1).getEntries().size(), 1); assertTrue(hasAce(aclDaoComponent.getAccessControlList(def1).getEntries(), ace1, 0)); assertEquals(aclDaoComponent.getAccessControlList(shared1).getEntries().size(), 1); assertTrue(hasAce(aclDaoComponent.getAccessControlList(shared1).getEntries(), ace1, 1)); assertEquals(aclDaoComponent.getAccessControlList(def2).getEntries().size(), 1); assertTrue(hasAce(aclDaoComponent.getAccessControlList(def2).getEntries(), ace1, 2)); assertEquals(aclDaoComponent.getAccessControlList(shared2).getEntries().size(), 1);
properties.setAclType(ACLType.OLD); properties.setVersioned(false); Long id = aclDaoComponent.createAccessControlList(properties).getId(); AccessControlListProperties aclProps = aclDaoComponent.getAccessControlListProperties(id); assertEquals(aclProps.getAclType(), ACLType.OLD); assertEquals(aclProps.getAclVersion(), Long.valueOf(1l)); testTX.begin(); AccessControlListProperties aclPropsBefore = aclDaoComponent.getAccessControlListProperties(id); assertEquals(aclPropsBefore.getAclType(), ACLType.OLD); assertEquals(aclPropsBefore.getAclVersion(), Long.valueOf(1l)); ace1.setPermission(new SimplePermissionReference(QName.createQName("uri", "local"), "Read")); ace1.setPosition(null); List<AclChange> changes = aclDaoComponent.setAccessControlEntry(id, ace1); assertEquals(changes.size(), 1); assertEquals(changes.get(0).getBefore(), id); assertTrue(changes.get(0).getBefore().equals(changes.get(0).getAfter())); aclPropsBefore = aclDaoComponent.getAccessControlListProperties(changes.get(0).getBefore()); assertEquals(aclPropsBefore.getAclType(), ACLType.OLD); assertEquals(aclPropsBefore.getAclVersion(), Long.valueOf(1l)); assertEquals(aclDaoComponent.getAccessControlList(changes.get(0).getBefore()).getEntries().size(), 1); assertTrue(hasAce(aclDaoComponent.getAccessControlList(changes.get(0).getBefore()).getEntries(), ace1, 0));
properties.setAclType(ACLType.DEFINING); properties.setVersioned(true); Long i_1 = aclDaoComponent.createAccessControlList(properties).getId(); Long s_1 = aclDaoComponent.getInheritedAccessControlList(i_1); Long i_1_2 = aclDaoComponent.createAccessControlList(properties).getId(); Long s_1_2 = aclDaoComponent.getInheritedAccessControlList(i_1_2); aclDaoComponent.mergeInheritedAccessControlList(s_1, i_1_2); Long i_1_3 = aclDaoComponent.createAccessControlList(properties).getId(); Long s_1_3 = aclDaoComponent.getInheritedAccessControlList(i_1_3); aclDaoComponent.mergeInheritedAccessControlList(s_1, i_1_3); Long i_1_2_4 = aclDaoComponent.createAccessControlList(properties).getId(); Long s_1_2_4 = aclDaoComponent.getInheritedAccessControlList(i_1_2_4); aclDaoComponent.mergeInheritedAccessControlList(s_1_2, i_1_2_4); Long i_1_2_4_5 = aclDaoComponent.createAccessControlList(properties).getId(); Long s_1_2_4_5 = aclDaoComponent.getInheritedAccessControlList(i_1_2_4_5); assertNotNull(s_1_2_4_5); aclDaoComponent.mergeInheritedAccessControlList(s_1_2_4, i_1_2_4_5); Long i_1_3_6 = aclDaoComponent.createAccessControlList(properties).getId(); Long s_1_3_6 = aclDaoComponent.getInheritedAccessControlList(i_1_3_6); aclDaoComponent.mergeInheritedAccessControlList(s_1_3, i_1_3_6); Long i_1_3_6_7 = aclDaoComponent.createAccessControlList(properties).getId(); Long s_1_3_6_7 = aclDaoComponent.getInheritedAccessControlList(i_1_3_6_7); aclDaoComponent.mergeInheritedAccessControlList(s_1_3_6, i_1_3_6_7); ace1.setPermission(new SimplePermissionReference(QName.createQName("uri", "local"), "Read")); ace1.setPosition(null);
properties.setAclType(ACLType.DEFINING); properties.setVersioned(true); Long defined = aclDaoComponent.createAccessControlList(properties).getId(); Long shared = aclDaoComponent.getInheritedAccessControlList(defined); Long fixed = aclDaoComponent.createAccessControlList(properties).getId(); Long global = aclDaoComponent.createAccessControlList(properties).getId(); Long old = aclDaoComponent.createAccessControlList(properties).getId(); aclDaoComponent.setAccessControlEntry(defined, ace1); aclDaoComponent.setAccessControlEntry(defined, ace2); aclDaoComponent.setAccessControlEntry(defined, ace3); aclDaoComponent.setAccessControlEntry(fixed, ace1); aclDaoComponent.setAccessControlEntry(fixed, ace2); aclDaoComponent.setAccessControlEntry(fixed, ace3); aclDaoComponent.setAccessControlEntry(global, ace1); aclDaoComponent.setAccessControlEntry(global, ace2); aclDaoComponent.setAccessControlEntry(global, ace3); aclDaoComponent.setAccessControlEntry(old, ace1); aclDaoComponent.setAccessControlEntry(old, ace2); aclDaoComponent.setAccessControlEntry(old, ace3); assertEquals(aclDaoComponent.getAccessControlList(defined).getEntries().size(), 3);
/**
 * Creates an unversioned ACL of type OLD and checks the properties reported
 * for it: type OLD, version 1, inherits TRUE, the same properties when read
 * back by id, and no inherited ACL.
 */
public void testCreateOld()
{
    SimpleAccessControlListProperties requested = new SimpleAccessControlListProperties();
    requested.setAclType(ACLType.OLD);
    requested.setVersioned(false);

    AccessControlListProperties created = aclDaoComponent.createAccessControlList(requested);

    assertEquals(created.getAclType(), ACLType.OLD);
    assertEquals(created.getAclVersion(), Long.valueOf(1L));
    assertEquals(created.getInherits(), Boolean.TRUE);

    // Reading the properties back by id must give an equal object.
    assertEquals(aclDaoComponent.getAccessControlListProperties(created.getId()), created);

    // For an OLD ACL the inherited-ACL lookup is expected to return null.
    assertEquals(aclDaoComponent.getInheritedAccessControlList(created.getId()), null);
}
if (existingNodeAclId != null) existing = aclDaoComponent.getAccessControlList(existingNodeAclId); SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties(aclDaoComponent.getDefaultProperties()); properties.setInherits(existing.getProperties().getInherits()); Acl newAcl = aclDaoComponent.createAccessControlList(properties, existing.getEntries(), actuallyInherited); newDefiningAcl = newAcl.getId(); nodeDAO.setNodeAclId(nodeId, newDefiningAcl); AccessControlListProperties properties = aclDaoComponent.getDefaultProperties(); Acl newAcl = aclDaoComponent.createAccessControlList(properties); newDefiningAcl = newAcl.getId(); nodeDAO.setNodeAclId(nodeId, newDefiningAcl); toInherit = aclDaoComponent.getInheritedAccessControlList(newDefiningAcl);
properties.setVersioned(false); Acl acl = aclDaoComponent.createAccessControlList(properties); long id = acl.getId(); properties.setVersioned(false); acl = aclDaoComponent.createAccessControlList(properties); id = acl.getId(); changes.addAll(aclDaoComponent.mergeInheritedAccessControlList(existing.getId(), id)); changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, id, aclDaoComponent.getInheritedAccessControlList(existing.getId())));
/**
 * Check that a given authentication is available on a node.
 *
 * Loads the ACL with the given id and walks its entries in the order returned
 * by {@code getEntries()}; the first entry for which {@code isGranted} returns
 * true ends the walk. A missing ACL, or an ACL in which no entry is granted,
 * yields false.
 *
 * @param authority the authority to look for
 * @param aclId id of the ACL to inspect
 * @return true if a check is required
 */
boolean checkRequired(String authority, Long aclId)
{
    AccessControlList acl = aclDaoComponent.getAccessControlList(aclId);
    if (acl != null)
    {
        // One set is shared by every isGranted call in the walk below.
        // NOTE(review): presumably isGranted records denials in it so that an
        // earlier deny masks a later allow; confirm against isGranted, because
        // the outcome then depends on the entry order.
        Set<Pair<String, PermissionReference>> denied = new HashSet<Pair<String, PermissionReference>>();

        // Check if each permission allows - the first wins.
        // We could have other voting style mechanisms here
        for (AccessControlEntry entry : acl.getEntries())
        {
            if (isGranted(entry, authority, denied))
            {
                return true;
            }
        }
    }
    return false;
}
/**
 * Creates an ACL with no explicit properties and checks the defaults it is
 * given: type DEFINING, version 1, inherits TRUE, versioned FALSE.
 */
public void testCreateDefault()
{
    // Create default ACL (type=DEFINING, inherits=true, versioned=false)
    Long defaultAclId = aclDaoComponent.createAccessControlList();
    AccessControlListProperties defaults = aclDaoComponent.getAccessControlListProperties(defaultAclId);

    assertEquals(defaults.getAclType(), ACLType.DEFINING);
    assertEquals(defaults.getAclVersion(), Long.valueOf(1L));
    assertEquals(defaults.getInherits(), Boolean.TRUE);
    assertEquals(defaults.isVersioned(), Boolean.FALSE);
}
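/**
 * Replaces the node's ACL with a freshly created DEFINING ACL that does not
 * inherit and is not versioned, re-points the node's children at it, and then
 * deletes the ACL passed in.
 *
 * @param nodeRef the node whose ACL is replaced
 * @param acl the ACL being replaced; its inherited ACL is handed to
 *            {@code setInheritanceForChildren} and it is deleted at the end
 */
private void replaceWithCleanDefiningAcl(NodeRef nodeRef, Acl acl)
{
    // TODO: could just clear out existing
    // The properties object used to be constructed twice in a row; one instance is enough.
    SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
    properties.setAclType(ACLType.DEFINING);
    properties.setInherits(Boolean.FALSE);
    properties.setVersioned(false);

    Acl newAcl = aclDaoComponent.createAccessControlList(properties);
    long id = newAcl.getId();
    getACLDAO(nodeRef).setAccessControlList(nodeRef, newAcl);

    // Children are moved to the new ACL and the changes published before the
    // old ACL is deleted, so the delete is the last step.
    List<AclChange> changes = new ArrayList<AclChange>(
            getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, id, acl.getInheritedAcl()));
    getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);

    aclDaoComponent.deleteAccessControlList(acl.getId());
}
}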
Long inheritedACL = aclDAO.getInheritedAccessControlList(parentAclId); inheritedAcl = aclDAO.getAccessControlListProperties(inheritedACL); if (inheritedAcl != null)
/**
 * Looks up the properties of the ACL currently set on a node.
 *
 * @param nodeRef the node to inspect
 * @return the ACL properties, or {@code null} when the node has no ACL
 */
public AccessControlListProperties getAccessControlListProperties(NodeRef nodeRef)
{
    Acl nodeAcl = getACLDAO(nodeRef).getAccessControlList(nodeRef);
    // Callers must handle null: a node without an ACL has no properties to report.
    return (nodeAcl == null) ? null : aclDaoComponent.getAccessControlListProperties(nodeAcl.getId());
}
Acl targetNodeAcl = aclDAO.getAcl(targetNodeAclID); AccessControlList targetNodeAccessControlList = aclDAO.getAccessControlList(targetNodeAclID); List<AccessControlEntry> targetNodeAclEntries = targetNodeAccessControlList.getEntries(); for (AccessControlEntry entry : targetNodeAclEntries)
/**
 * Returns the ACL set on a store, creating one first when the store has none.
 *
 * A newly created ACL is of type DEFINING, does not inherit and is not
 * versioned; it is set on the store before being returned. An existing ACL is
 * returned as found.
 *
 * @param storeRef the store whose ACL is wanted
 * @return the store's existing ACL, or the one just created for it
 */
private Acl getMutableAccessControlList(StoreRef storeRef)
{
    Acl existing = getACLDAO(storeRef).getAccessControlList(storeRef);
    if (existing != null)
    {
        return existing;
    }

    // NOTE(review): lookup and create are separate calls with no locking visible
    // here; confirm the surrounding transaction prevents two callers from each
    // creating an ACL for the same store.
    SimpleAccessControlListProperties storeDefaults = new SimpleAccessControlListProperties();
    storeDefaults.setAclType(ACLType.DEFINING);
    storeDefaults.setInherits(false);
    storeDefaults.setVersioned(false);

    Acl created = aclDaoComponent.createAccessControlList(storeDefaults);
    getACLDAO(storeRef).setAccessControlList(storeRef, created);
    return created;
}
public void testDelete() if(aclDaoComponent.getDefaultProperties().getAclType() == ACLType.DEFINING)