/**
 * Adds an ACE to the ACL registered under {@code aclName}.
 * <p>
 * The ACL is obtained through {@code getOrCreateACL}. It is passed to {@code addACL}
 * again only when {@code ACL.add} reports that the entry was actually added.
 *
 * @param aclName name of the target ACL; must not be {@code null}
 * @param ace the entry to add
 * @return {@code true} if the ACL reported a change, {@code false} otherwise
 * @throws NullPointerException if {@code aclName} is {@code null}
 */
@Override
public boolean addACE(String aclName, ACE ace) {
    if (aclName == null) {
        throw new NullPointerException("'aclName' cannot be null");
    }
    ACL target = getOrCreateACL(aclName);
    if (!target.add(ace)) {
        // Nothing changed, so the ACL is not re-registered.
        return false;
    }
    addACL(target);
    return true;
}
/**
 * Builds the default local ACL, i.e. the one applied when inheritance is blocked.
 * <p>
 * Entry order: {@code EVERYTHING} for the session's current principal first, then the
 * ACEs returned by {@code getMasterOwnerACEs(session, document)}.
 *
 * @param session session whose principal receives the {@code EVERYTHING} grant
 * @param document document handed to {@code getMasterOwnerACEs}
 * @return default local ACL
 */
public static ACL buildDefaultLocalACL(CoreSession session, DocumentModel document) {
    String principalName = session.getPrincipal().getName();
    ACL defaultAcl = new ACLImpl();
    // The caller keeps full control of the document; presumably this prevents the
    // user from locking themselves out once inheritance is blocked (confirm with callers).
    defaultAcl.add(new ACE(principalName, SecurityConstants.EVERYTHING));
    // Disabled in the original: acl.addAll(ACEsOperationHelper.getAdminEverythingACEs());
    defaultAcl.addAll(getMasterOwnerACEs(session, document));
    return defaultAcl;
}
/**
 * Appends an ACE to the ACL registered under {@code aclName}.
 * <p>
 * When {@code getACL} returns {@code null}, a new {@code ACLImpl} with that name is
 * created and registered through {@code addACL} before the entry is added.
 *
 * @param aclName name of the target ACL
 * @param ace the entry to append
 */
public void addAccessRule(String aclName, ACE ace) {
    ACL target = getACL(aclName);
    boolean missing = (target == null);
    if (missing) {
        target = new ACLImpl(aclName);
        addACL(target);
    }
    target.add(ace);
}
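/**
 * Sets grant and deny rules on the ACL registered under {@code aclName}.
 * <p>
 * A missing ACL is created and registered. An existing ACL is emptied first when
 * {@code overwrite} is {@code true}; otherwise the new entries are appended to it.
 * For every user entry, the granted permissions are added before the denied ones.
 * <p>
 * {@code cache} is cleared even when processing an entry throws. By that point the ACL
 * may already have been emptied or partly rebuilt, so anything cached from the previous
 * state (presumably access decisions; confirm against the field's declaration) must
 * not outlive the mutation.
 *
 * @param aclName name of the ACL to update
 * @param userEntries entries listing granted and denied permissions per user name
 * @param overwrite whether an existing ACL is cleared before the entries are added
 */
@Override
public void setRules(String aclName, UserEntry[] userEntries, boolean overwrite) {
    ACL acl = getACL(aclName);
    try {
        if (acl == null) {
            // create the local ACL
            acl = new ACLImpl(aclName);
            addACL(acl);
        } else if (overwrite) {
            // :XXX: Should not overwrite entries not given as parameters here.
            acl.clear();
        }
        for (UserEntry entry : userEntries) {
            String username = entry.getUserName();
            for (String permission : entry.getGrantedPermissions()) {
                acl.add(new ACE(username, permission, true));
            }
            for (String permission : entry.getDeniedPermissions()) {
                acl.add(new ACE(username, permission, false));
            }
        }
    } finally {
        // Always invalidate: a failure part-way still leaves the ACL modified.
        cache.clear();
    }
}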
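/**
 * Adds ACEs to an ACL, skipping entries the ACL already contains.
 * <p>
 * If the ACL contains the block-inheritance ACE, new entries are inserted in front of
 * it; otherwise they are appended. In both cases the new entries keep the relative
 * order they have in {@code aces}. Entry order matters in an ACL, so a caller that
 * lists a deny before a grant must find them stored in that order.
 *
 * @param acl the ACL to modify (modified in place)
 * @param aces the entries to add
 * @return the modified ACL (the same instance as {@code acl})
 */
@Override
protected ACL modifyACEs(ACL acl, List<ACE> aces) {
    // If inheritance is blocked, add before the block ACE.
    ACE blockInhACe = ACEsOperationHelper.getBlockInheritanceACe();
    int insertPos = acl.indexOf(blockInhACe);
    for (ACE aceToAdd : aces) {
        if (acl.contains(aceToAdd)) {
            continue;
        }
        if (insertPos != -1) {
            acl.add(insertPos, aceToAdd);
            // Move past the entry just inserted. Re-using the same index for every
            // insertion would store the new ACEs in reverse order.
            insertPos++;
        } else {
            acl.add(aceToAdd);
        }
    }
    return acl;
}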
/**
 * Blocks inheritance on a local ACL and installs the default rules, unless the ACL
 * already contains the block-inheritance ACE.
 * <p>
 * The default ACEs that are not yet present are appended first, and the block ACE is
 * appended after them, so the defaults always precede the block.
 *
 * @param session session used to build the default local ACL
 * @param document document used to build the default local ACL
 * @param localAcl the local ACL to update (modified in place)
 * @return {@code localAcl}
 */
protected ACL blockLocalACLIfNecessary(CoreSession session, DocumentModel document, ACL localAcl) {
    ACE blockAce = ACEsOperationHelper.getBlockInheritanceACe();
    if (localAcl.contains(blockAce)) {
        // Already blocked: leave the ACL untouched.
        return localAcl;
    }

    // Add default rules that are still missing.
    ACL defaults = ACEsOperationHelper.buildDefaultLocalACL(session, document);
    for (ACE candidate : defaults) {
        boolean alreadyPresent = localAcl.contains(candidate);
        if (!alreadyPresent) {
            localAcl.add(candidate);
        }
    }

    // Block inheritance last.
    localAcl.add(blockAce);
    return localAcl;
}
/**
 * Rebuilds the ACL named {@code aclName} on the document {@code ref} and saves it.
 * <p>
 * Resulting entry order: READ then WRITE for each validator, READ for the submitting
 * {@code principal}, EVERYTHING for each administrators group, and finally
 * {@code ACE.BLOCK}.
 */
@Override
public void run() {
    ACP policy = session.getACP(ref);
    ACL publishingAcl = policy.getOrCreateACL(aclName);
    // Start from an empty ACL: entries previously stored under this name are dropped.
    publishingAcl.clear();

    for (String validator : validators) {
        publishingAcl.add(new ACE(validator, SecurityConstants.READ));
        publishingAcl.add(new ACE(validator, SecurityConstants.WRITE));
    }

    // Give View permission to the user who submitted for publishing.
    String submitter = principal.getName();
    publishingAcl.add(new ACE(submitter, SecurityConstants.READ));

    // Allow administrators too.
    UserManager userManager = Framework.getService(UserManager.class);
    for (String adminGroup : userManager.getAdministratorsGroups()) {
        publishingAcl.add(new ACE(adminGroup, SecurityConstants.EVERYTHING));
    }

    // Deny everyone else. The block entry is added after all the grants above.
    publishingAcl.add(ACE.BLOCK);

    session.setACP(ref, policy, true);
    session.save();
}
/**
 * Populates the repository, then sets an ACP on the {@code ROOT} document and creates
 * its children.
 * <p>
 * The ACP holds a single ACL granting "Everything" to "Administrator" and
 * "WriteProperties" plus "Read" to {@code USERNAME}.
 *
 * @param session session used to read the root document and create the children
 */
@Override
public void populate(CoreSession session) {
    super.populate(session);
    DocumentModel rootDoc = session.getDocument(new PathRef(ROOT));

    ACL fixtureAcl = new ACLImpl();
    fixtureAcl.add(new ACE("Administrator", "Everything", true));
    fixtureAcl.add(new ACE(USERNAME, "WriteProperties", true));
    fixtureAcl.add(new ACE(USERNAME, "Read", true));

    ACP fixturePolicy = new ACPImpl();
    fixturePolicy.addACL(fixtureAcl);
    rootDoc.setACP(fixturePolicy, false);

    createChildren(session, rootDoc, SIZE);
}
/**
 * Sets a freshly built ACP on the document {@code ref} and saves the document.
 * <p>
 * The ACP is created empty rather than read from the document. It grants READ to
 * everyone through the routing ACL and denies EVERYTHING to everyone in the local
 * ACL. It is applied with the overwrite flag set to {@code true}.
 */
@Override
public void run() {
    DocumentModel target = session.getDocument(ref);
    ACP freshPolicy = new ACPImpl();

    // add new ACL to set READ permission to everyone
    ACE readForAll = new ACE(SecurityConstants.EVERYONE, SecurityConstants.READ, true);
    freshPolicy.getOrCreateACL(DocumentRoutingConstants.DOCUMENT_ROUTING_ACL).add(readForAll);

    // block rights inheritance
    ACE denyAll = new ACE(SecurityConstants.EVERYONE, SecurityConstants.EVERYTHING, false);
    freshPolicy.getOrCreateACL(ACL.LOCAL_ACL).add(denyAll);

    target.setACP(freshPolicy, true);
    session.saveDocument(target);
}
} // closes an enclosing scope whose opening is not part of this excerpt
/**
 * Grants {@code permission} to {@code userOrGroup} on {@code document} through the
 * routing ACL, then saves the document.
 * <p>
 * Both arguments are used as given. This method does not check that the principal
 * exists or that the permission is one the caller may hand out, so callers are
 * responsible for that.
 *
 * @param session session used to save the document
 * @param userOrGroup name of the user or group receiving the grant
 * @param permission permission to grant
 */
protected void setPermissionOnDocument(CoreSession session, String userOrGroup, String permission) {
    ACP policy = document.getACP();
    ACE grant = new ACE(userOrGroup, permission, true);
    policy.getOrCreateACL(DocumentRoutingConstants.DOCUMENT_ROUTING_ACL).add(grant);
    document.setACP(policy, true);
    session.saveDocument(document);
}
if (filter == null || filter.accept(ace)) { res.add(ace);
/**
 * Creates the root "Folder" document, grants "Write" to {@code Write_Grp} and "Read"
 * to {@code Read_Grp} on it, records its reference in {@code rootRef}, and saves the
 * session.
 */
@Override
public void run() {
    DocumentModel folder = session.createDocumentModel(Root_PATH, Root_NAME, "Folder");
    folder.setProperty("dublincore", "title", Root_NAME);
    folder = session.createDocument(folder);

    ACL groupAcl = new ACLImpl();
    groupAcl.add(new ACE(Write_Grp, "Write", true));
    groupAcl.add(new ACE(Read_Grp, "Read", true));

    // The new ACL is added to the ACP the document already has.
    ACP policy = folder.getACP();
    policy.addACL(groupAcl);
    session.setACP(folder.getRef(), policy, true);

    rootRef = folder.getRef();
    // flush caches
    session.save();
}
/**
 * Creates a "Workspace" document under {@code parentPath}, records its reference in
 * {@code rootRef}, and saves the session.
 * <p>
 * When {@code setAcl} is {@code true}, an ACL granting "Write" to {@code Write_Grp}
 * and "Read" to {@code Read_Grp} is also added to the document's ACP.
 */
@Override
public void run() {
    DocumentModel workspace = session.createDocumentModel(parentPath, name, "Workspace");
    workspace.setProperty("dublincore", "title", name);
    workspace = session.createDocument(workspace);

    if (setAcl) {
        ACL groupAcl = new ACLImpl();
        groupAcl.add(new ACE(Write_Grp, "Write", true));
        groupAcl.add(new ACE(Read_Grp, "Read", true));

        ACP policy = workspace.getACP();
        policy.addACL(groupAcl);
        session.setACP(workspace.getRef(), policy, true);
    }

    rootRef = workspace.getRef();
    // flush caches
    session.save();
}
/**
 * Replaces the content of the document's default ACL with the ACEs from the
 * descriptors.
 * <p>
 * Nothing happens when {@code aces} is {@code null} or empty. Otherwise the existing
 * entries of the ACL are discarded, not merged, so any rule that is missing from the
 * descriptor list is lost.
 *
 * @param aces descriptors giving principal, permission and granted flag for each ACE
 * @param ref reference of the document whose ACP is updated
 */
protected void setAcl(List<ACEDescriptor> aces, DocumentRef ref) {
    if (aces == null || aces.isEmpty()) {
        return;
    }
    ACP policy = session.getACP(ref);
    ACL target = policy.getOrCreateACL();

    // clean any existing ACL (should a merge strategy be adopted
    // instead?)
    target.clear();

    // add the ACEs defined in the descriptor
    for (ACEDescriptor descriptor : aces) {
        ACE entry = new ACE(descriptor.getPrincipal(), descriptor.getPermission(), descriptor.getGranted());
        target.add(entry);
    }

    // re-add the ACL to invalidate the ACPImpl cache
    policy.addACL(target);
    session.setACP(ref, policy, true);
}
/**
 * Replaces the ACL named {@code aclName} on every document in {@code docs}, then saves
 * each document.
 * <p>
 * The replacement grants {@code permission} to each actor in {@code actorIds}, with
 * {@code ACTOR_ACE_CREATOR} recorded as creator. It is inserted at index 0 of the ACP.
 */
@Override
public void run() {
    for (DocumentModel target : docs) {
        ACP policy = target.getACP();
        // Drop the previous ACL of that name so the grants are rebuilt from actorIds only.
        policy.removeACL(aclName);

        ACL actorAcl = new ACLImpl(aclName);
        for (String actorId : actorIds) {
            ACE grant = ACE.builder(actorId, permission).creator(ACTOR_ACE_CREATOR).build();
            actorAcl.add(grant);
        }

        policy.addACL(0, actorAcl); // add first to get before blocks
        target.setACP(policy, true);
        session.saveDocument(target);
    }
}
/**
 * Converts ACL rows into an ACP.
 * <p>
 * Consecutive rows with the same {@code name} are collected into one {@code ACLImpl}.
 * A change of name closes the current ACL and starts a new one, so rows of one ACL
 * have to be contiguous in {@code acls} to end up in the same ACL object. The
 * principal of each ACE is the row's {@code user}, or its {@code group} when
 * {@code user} is {@code null}.
 *
 * @param acls the rows to convert, in evaluation order
 * @return the ACP built from the rows
 */
protected static ACP aclRowsToACP(ACLRow[] acls) {
    ACP result = new ACPImpl();
    ACL current = null;
    String currentName = null;
    for (ACLRow row : acls) {
        boolean startsNewAcl = !row.name.equals(currentName);
        if (startsNewAcl) {
            // Flush the ACL collected so far before switching to the next name.
            if (current != null) {
                result.addACL(current);
            }
            currentName = row.name;
            current = new ACLImpl(currentName);
        }
        // XXX should prefix user/group
        String principalId = (row.user != null) ? row.user : row.group;
        ACE entry = ACE.builder(principalId, row.permission)
                       .isGranted(row.grant)
                       .creator(row.creator)
                       .begin(row.begin)
                       .end(row.end)
                       .build();
        current.add(entry);
    }
    // Flush the last ACL, if any row was seen.
    if (current != null) {
        result.addACL(current);
    }
    return result;
}
/**
 * Looks up the user profile document under {@code userWorkspace}, or creates it when
 * none exists, and stores its reference in {@code userProfileDocRef}.
 * <p>
 * A newly created profile document gets an ACE granting READ to EVERYONE, i.e. it is
 * readable by all principals. An existing profile document is left unchanged.
 */
@Override
public void run() {
    // NOTE(review): the workspace id is concatenated into the query text. This relies
    // on getId() returning a repository-generated identifier. If that cannot be
    // guaranteed, escape the value (e.g. NXQL.escapeString) before building the query.
    String query = "select * from " + USER_PROFILE_DOCTYPE + " where ecm:parentId='" + userWorkspace.getId()
            + "' " + " AND ecm:isProxy = 0 " + " AND ecm:isVersion = 0 AND ecm:isTrashed = 0";
    DocumentModelList existing = session.query(query);
    if (!existing.isEmpty()) {
        userProfileDocRef = existing.get(0).getRef();
        return;
    }

    // No profile yet: create one, named after the current time in milliseconds.
    String docName = String.valueOf(System.currentTimeMillis());
    DocumentModel profile = session.createDocumentModel(userWorkspace.getPathAsString(), docName,
            USER_PROFILE_DOCTYPE);
    profile = session.createDocument(profile);
    userProfileDocRef = profile.getRef();

    ACP policy = session.getACP(userProfileDocRef);
    ACL defaultAcl = policy.getOrCreateACL();
    defaultAcl.add(new ACE(EVERYONE, READ, true));
    policy.addACL(defaultAcl);
    session.setACP(userProfileDocRef, policy, true);
    session.save();
}
/**
 * Creates the root models document directly under the repository root ("/") and grants
 * READ to everyone on it. Workflow availability is specified on each route.
 *
 * @param routeStructureDocType document type of the root models document, also used
 *            as its title
 * @param id name of the document to create
 * @param session session used to create the document and set its ACP
 * @return the created root models document
 */
protected DocumentModel createModelsRoutesStructure(String routeStructureDocType, String id,
        CoreSession session) {
    DocumentModel modelsRoot = session.createDocumentModel("/", id, routeStructureDocType);
    modelsRoot.setPropertyValue(DC_TITLE, routeStructureDocType);
    modelsRoot = session.createDocument(modelsRoot);

    ACP policy = session.getACP(modelsRoot.getRef());
    // READ for EVERYONE goes into the local ACL of the new document.
    ACE readForAll = new ACE(SecurityConstants.EVERYONE, SecurityConstants.READ, true);
    policy.getOrCreateACL(ACL.LOCAL_ACL).add(readForAll);
    session.setACP(modelsRoot.getRef(), policy, true);
    return modelsRoot;
}
/**
 * Gives the route initiator the right to validate steps and READ access to the route
 * document.
 * <p>
 * The route and the initiator name are read from the event context properties. The
 * initiator value is used as found there; no null check is made in this method.
 *
 * @param event event whose context is a {@code DocumentEventContext}
 */
@Override
public void handleEvent(Event event) {
    DocumentEventContext context = (DocumentEventContext) event.getContext();
    DocumentRoute route = (DocumentRoute) context.getProperty(
            DocumentRoutingConstants.DOCUMENT_ELEMENT_EVENT_CONTEXT_KEY);
    String initiator = (String) context.getProperty(DocumentRoutingConstants.INITIATOR_EVENT_CONTEXT_KEY);
    CoreSession session = context.getCoreSession();

    // initiator is a step validator
    route.setCanValidateStep(session, initiator);

    // initiator can see the route
    ACP policy = route.getDocument().getACP();
    ACE readForInitiator = new ACE(initiator, SecurityConstants.READ, true);
    policy.getOrCreateACL(DocumentRoutingConstants.DOCUMENT_ROUTING_ACL).add(readForInitiator);
    session.setACP(route.getDocument().getRef(), policy, true);
}
/**
 * Loads the task root document at {@code parentPath}, creating it when it does not
 * exist, and stores it in {@code taskRootDoc}.
 * <p>
 * A newly created task root gets a local ACE denying "Everything" to "Everyone". An
 * existing task root is returned as is, without any change to its ACP.
 */
@Override
public void run() {
    DocumentRef rootRef = new PathRef(parentPath);
    if (!session.exists(rootRef)) {
        Path rootPath = new Path(parentPath);
        String containerPath = rootPath.removeLastSegments(1).toString();
        taskRootDoc = session.createDocumentModel(containerPath, rootPath.lastSegment(),
                TaskConstants.TASK_ROOT_TYPE_NAME);
        taskRootDoc = session.createDocument(taskRootDoc);

        // Deny all access on the new task root through its local ACL.
        ACP policy = taskRootDoc.getACP();
        ACE denyAll = new ACE("Everyone", "Everything", false);
        policy.getOrCreateACL(ACL.LOCAL_ACL).add(denyAll);
        taskRootDoc.setACP(policy, true);
        taskRootDoc = session.saveDocument(taskRootDoc);
    } else {
        taskRootDoc = session.getDocument(rootRef);
    }
}