/**
 * Orders two access control entries by the ids of their principals.<p>
 *
 * The same instance passed twice compares as equal without its principal being read.<p>
 *
 * @see java.util.Comparator#compare(java.lang.Object, java.lang.Object)
 */
public int compare(CmsAccessControlEntry ace1, CmsAccessControlEntry ace2) {

    if (ace1 != ace2) {
        // distinct instances: the ordering is delegated to the principal id comparator
        CmsUUID firstPrincipal = ace1.getPrincipal();
        CmsUUID secondPrincipal = ace2.getPrincipal();
        return COMPARATOR_PRINCIPALS.compare(firstPrincipal, secondPrincipal);
    }
    return 0;
}
};
/**
 * Orders two access control entries by the ids of their principals.<p>
 *
 * Arguments that are not both {@link CmsAccessControlEntry} instances compare as equal (0),
 * so this comparator does not order foreign objects relative to access control entries.<p>
 *
 * @see java.util.Comparator#compare(java.lang.Object, java.lang.Object)
 */
public int compare(Object ace1, Object ace2) {

    boolean bothAreEntries = (ace1 instanceof CmsAccessControlEntry) && (ace2 instanceof CmsAccessControlEntry);
    if ((ace1 == ace2) || !bothAreEntries) {
        // same instance, or at least one argument is of another type
        return 0;
    }
    CmsUUID firstPrincipal = ((CmsAccessControlEntry)ace1).getPrincipal();
    CmsUUID secondPrincipal = ((CmsAccessControlEntry)ace2).getPrincipal();
    return COMPARATOR_PRINCIPALS.compare(firstPrincipal, secondPrincipal);
}
};
/**
 * Merges the permissions of an access control entry into the access control list.<p>
 *
 * The permissions are added to the permission set already stored for the entry's principal;
 * a principal without a stored set gets a newly constructed one first.<p>
 *
 * @param entry the access control entry to add
 */
public void add(CmsAccessControlEntry entry) {

    CmsPermissionSetCustom existing = m_permissions.get(entry.getPrincipal());
    if (existing != null) {
        existing.addPermissions(entry.getPermissions());
        return;
    }
    // first entry for this principal: register a new permission set, then fill it
    CmsPermissionSetCustom created = new CmsPermissionSetCustom();
    m_permissions.put(entry.getPrincipal(), created);
    created.addPermissions(entry.getPermissions());
}
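/**
 * Gets the access control entries for a given principal id.<p>
 *
 * On first use all access control entries are read through <code>m_cms</code> and indexed by
 * principal id; later calls are answered from that index.<p>
 *
 * The index is assigned to <code>m_ace</code> only after it has been filled completely, so a
 * failed read is retried on the next call instead of leaving behind an empty index that would
 * report "no entries" for every principal.<p>
 *
 * @param principalId the principal id
 * @return the access control entries for that principal id
 *
 * @throws CmsException if something goes wrong
 */
private Collection<CmsAccessControlEntry> getAces(CmsUUID principalId) throws CmsException {

    if (m_ace == null) {
        // build into a local first: if the read below throws, m_ace stays null
        ArrayListMultimap<CmsUUID, CmsAccessControlEntry> index = ArrayListMultimap.create();
        List<CmsAccessControlEntry> entries = m_cms.getAllAccessControlEntries();
        for (CmsAccessControlEntry entry : entries) {
            index.put(entry.getPrincipal(), entry);
        }
        m_ace = index;
    }
    // NOTE(review): nothing in this method refreshes the index once it is built, so entries
    // changed afterwards are not reflected here - confirm the owner's lifetime is short enough
    return m_ace.get(principalId);
}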
/**
 * Merges the permissions of an access control entry into the access control list.<p>
 *
 * The permissions are added to the permission set already stored for the entry's principal;
 * a principal without a stored set gets a newly constructed one first.<p>
 *
 * @param entry the access control entry to add
 */
public void add(CmsAccessControlEntry entry) {

    CmsPermissionSetCustom existing = (CmsPermissionSetCustom)m_permissions.get(entry.getPrincipal());
    if (existing != null) {
        existing.addPermissions(entry.getPermissions());
        return;
    }
    // first entry for this principal: register a new permission set, then fill it
    CmsPermissionSetCustom created = new CmsPermissionSetCustom();
    m_permissions.put(entry.getPrincipal(), created);
    created.addPermissions(entry.getPermissions());
}
/**
 * Sorts the given list of {@link CmsAccessControlEntry} objects in place and reports whether
 * it holds the 'overwrite all' entry.<p>
 *
 * The list is ordered with {@link CmsAccessControlEntry#COMPARATOR_ACE}: the 'all others' ace
 * comes first and the 'overwrite all' ace second, which is why only the first two positions
 * are inspected afterwards.<p>
 *
 * @param aces the list of ACEs to sort
 *
 * @return <code>true</code> if the list contains the 'overwrite all' ace
 */
private boolean sortAceList(List<CmsAccessControlEntry> aces) {

    Collections.sort(aces, CmsAccessControlEntry.COMPARATOR_ACE);

    // after sorting, the 'overwrite all' entry can only sit at index 0 or 1
    int inspected = Math.min(aces.size(), 2);
    for (CmsAccessControlEntry candidate : aces.subList(0, inspected)) {
        if (candidate.getPrincipal().equals(CmsAccessControlEntry.PRINCIPAL_OVERWRITE_ALL_ID)) {
            return true;
        }
    }
    return false;
}
/**
 * Sorts the given list of {@link CmsAccessControlEntry} objects in place and reports whether
 * it holds the 'overwrite all' entry.<p>
 *
 * The list is ordered with {@link CmsAccessControlEntry#COMPARATOR_ACE}: the 'all others' ace
 * comes first and the 'overwrite all' ace second, which is why only the first two positions
 * are inspected afterwards.<p>
 *
 * @param aces the list of ACEs to sort
 *
 * @return <code>true</code> if the list contains the 'overwrite all' ace
 */
private boolean sortAceList(List aces) {

    Collections.sort(aces, CmsAccessControlEntry.COMPARATOR_ACE);

    // after sorting, the 'overwrite all' entry can only sit at index 0 or 1
    boolean hasOverwriteAll = false;
    for (int pos = 0; !hasOverwriteAll && (pos < Math.min(aces.size(), 2)); pos++) {
        CmsAccessControlEntry candidate = (CmsAccessControlEntry)aces.get(pos);
        hasOverwriteAll = candidate.getPrincipal().equals(CmsAccessControlEntry.PRINCIPAL_OVERWRITE_ALL_ID);
    }
    return hasOverwriteAll;
}
/**
 * Replaces the allowed permissions stored for the entry's principal with the allowed
 * permissions of the given access control entry.<p>
 *
 * The denied permissions already stored for that principal are passed back unchanged. A
 * principal without a stored permission set gets a newly constructed one first.<p>
 *
 * @param entry the access control entry
 */
public void setAllowedPermissions(CmsAccessControlEntry entry) {

    CmsPermissionSetCustom target = m_permissions.get(entry.getPrincipal());
    boolean unknownPrincipal = (target == null);
    if (unknownPrincipal) {
        target = new CmsPermissionSetCustom();
        m_permissions.put(entry.getPrincipal(), target);
    }
    // allowed part comes from the entry, denied part is kept from the stored set
    target.setPermissions(entry.getAllowedPermissions(), target.getDeniedPermissions());
}
/**
 * Replaces the allowed permissions stored for the entry's principal with the allowed
 * permissions of the given access control entry.<p>
 *
 * The denied permissions already stored for that principal are passed back unchanged. A
 * principal without a stored permission set gets a newly constructed one first.<p>
 *
 * @param entry the access control entry
 */
public void setAllowedPermissions(CmsAccessControlEntry entry) {

    CmsPermissionSetCustom target = (CmsPermissionSetCustom)m_permissions.get(entry.getPrincipal());
    boolean unknownPrincipal = (target == null);
    if (unknownPrincipal) {
        target = new CmsPermissionSetCustom();
        m_permissions.put(entry.getPrincipal(), target);
    }
    // allowed part comes from the entry, denied part is kept from the stored set
    target.setPermissions(entry.getAllowedPermissions(), target.getDeniedPermissions());
}
/**
 * Replaces the denied permissions stored for the entry's principal with the denied
 * permissions of the given access control entry.<p>
 *
 * The allowed permissions already stored for that principal are passed back unchanged. A
 * principal without a stored permission set gets a newly constructed one first.<p>
 *
 * @param entry the access control entry
 */
public void setDeniedPermissions(CmsAccessControlEntry entry) {

    CmsPermissionSetCustom stored = m_permissions.get(entry.getPrincipal());
    if (stored != null) {
        // allowed part is kept from the stored set, denied part comes from the entry
        stored.setPermissions(stored.getAllowedPermissions(), entry.getDeniedPermissions());
        return;
    }
    CmsPermissionSetCustom created = new CmsPermissionSetCustom();
    m_permissions.put(entry.getPrincipal(), created);
    created.setPermissions(created.getAllowedPermissions(), entry.getDeniedPermissions());
}
}
/**
 * Replaces the denied permissions stored for the entry's principal with the denied
 * permissions of the given access control entry.<p>
 *
 * The allowed permissions already stored for that principal are passed back unchanged. A
 * principal without a stored permission set gets a newly constructed one first.<p>
 *
 * @param entry the access control entry
 */
public void setDeniedPermissions(CmsAccessControlEntry entry) {

    CmsPermissionSetCustom stored = (CmsPermissionSetCustom)m_permissions.get(entry.getPrincipal());
    if (stored != null) {
        // allowed part is kept from the stored set, denied part comes from the entry
        stored.setPermissions(stored.getAllowedPermissions(), entry.getDeniedPermissions());
        return;
    }
    CmsPermissionSetCustom created = new CmsPermissionSetCustom();
    m_permissions.put(entry.getPrincipal(), created);
    created.setPermissions(created.getAllowedPermissions(), entry.getDeniedPermissions());
}
}
/**
 * Returns the principals that are responsible for a specific resource.<p>
 *
 * A principal is included when one of the resource's access control entries is flagged as
 * responsible and the principal id of that entry can be looked up; ids that resolve to
 * <code>null</code> are skipped.<p>
 *
 * @param dbc the current database context
 * @param resource the resource to get the responsible users from
 *
 * @return the set of users that are responsible for a specific resource
 *
 * @throws CmsException if something goes wrong
 */
public Set<I_CmsPrincipal> readResponsiblePrincipals(CmsDbContext dbc, CmsResource resource)
throws CmsException {

    Set<I_CmsPrincipal> responsible = new HashSet<I_CmsPrincipal>();
    // NOTE(review): the 'true' argument presumably requests inherited entries as well - confirm
    for (CmsAccessControlEntry ace : getAccessControlEntries(dbc, resource, true)) {
        if (!ace.isResponsible()) {
            continue;
        }
        I_CmsPrincipal principal = lookupPrincipal(dbc, ace.getPrincipal());
        if (principal != null) {
            responsible.add(principal);
        }
    }
    return responsible;
}
/**
 * Returns the principals that are responsible for a specific resource.<p>
 *
 * A principal is included when one of the resource's access control entries is flagged as
 * responsible and the principal id of that entry can be looked up; ids that resolve to
 * <code>null</code> are skipped.<p>
 *
 * @param dbc the current database context
 * @param resource the resource to get the responsible users from
 *
 * @return the set of users that are responsible for a specific resource
 *
 * @throws CmsException if something goes wrong
 */
public Set readResponsiblePrincipals(CmsDbContext dbc, CmsResource resource) throws CmsException {

    Set responsible = new HashSet();
    // NOTE(review): the 'true' argument presumably requests inherited entries as well - confirm
    for (Iterator it = getAccessControlEntries(dbc, resource, true).iterator(); it.hasNext();) {
        CmsAccessControlEntry ace = (CmsAccessControlEntry)it.next();
        if (!ace.isResponsible()) {
            continue;
        }
        I_CmsPrincipal principal = lookupPrincipal(dbc, ace.getPrincipal());
        if (principal != null) {
            responsible.add(principal);
        }
    }
    return responsible;
}
/**
 * Prints the access control entries of a given resource to standard output, one per line.<p>
 *
 * Each line shows the principal name, the permission string and the entry itself. When the
 * principal id cannot be looked up, the id is printed in place of the name.<p>
 *
 * @param resourceName the name of the resource
 * @throws Exception if something goes wrong
 */
public void lsacc(String resourceName) throws Exception {

    List acList = m_cms.getAccessControlEntries(resourceName);
    for (int index = 0; index < acList.size(); index++) {
        CmsAccessControlEntry ace = (CmsAccessControlEntry)acList.get(index);
        I_CmsPrincipal acePrincipal = m_cms.lookupPrincipal(ace.getPrincipal());
        String pName;
        if (acePrincipal != null) {
            pName = acePrincipal.getName();
        } else {
            // unresolved principal: fall back to the raw id
            pName = ace.getPrincipal().toString();
        }
        System.out.println(pName + ": " + ace.getPermissions().getPermissionString() + " " + ace);
    }
}
/**
 * Prints the access control entries of a given resource to the shell output, one per line.<p>
 *
 * Each line shows the principal name, the permission string and the entry itself. When the
 * principal id cannot be looked up, the id is printed in place of the name.<p>
 *
 * @param resourceName the name of the resource
 * @throws Exception if something goes wrong
 */
public void lsacc(String resourceName) throws Exception {

    List<CmsAccessControlEntry> acList = m_cms.getAccessControlEntries(resourceName);
    for (CmsAccessControlEntry ace : acList) {
        I_CmsPrincipal acePrincipal = m_cms.lookupPrincipal(ace.getPrincipal());
        String pName;
        if (acePrincipal != null) {
            pName = acePrincipal.getName();
        } else {
            // unresolved principal: fall back to the raw id
            pName = ace.getPrincipal().toString();
        }
        m_shell.getOut().println(pName + ": " + ace.getPermissions().getPermissionString() + " " + ace);
    }
}
/**
 * Prints those access control entries of a resource that belong to the given principal to
 * standard output, one per line.<p>
 *
 * An entry is printed when the principal looked up by name equals the principal looked up
 * from the entry's principal id.<p>
 *
 * @param resourceName the name of the resource
 * @param principalName the name of the principal
 * @throws Exception if something goes wrong
 */
public void lsacc(String resourceName, String principalName) throws Exception {

    // NOTE(review): the id-based lookup below is null-checked; if the name-based lookup can
    // also return null, principal.equals(...) fails with a NullPointerException - confirm
    I_CmsPrincipal principal = m_cms.lookupPrincipal(principalName);
    List acList = m_cms.getAccessControlEntries(resourceName);
    for (int index = 0; index < acList.size(); index++) {
        CmsAccessControlEntry ace = (CmsAccessControlEntry)acList.get(index);
        I_CmsPrincipal acePrincipal = m_cms.lookupPrincipal(ace.getPrincipal());
        if (!principal.equals(acePrincipal)) {
            continue;
        }
        String pName;
        if (acePrincipal != null) {
            pName = acePrincipal.getName();
        } else {
            pName = ace.getPrincipal().toString();
        }
        System.out.println(pName + ": " + ace.getPermissions().getPermissionString() + " " + ace);
    }
}
/**
 * Prints those access control entries of a resource that belong to the given principal to
 * the shell output, one per line.<p>
 *
 * An entry is printed when the principal looked up by name equals the principal looked up
 * from the entry's principal id.<p>
 *
 * @param resourceName the name of the resource
 * @param principalName the name of the principal
 * @throws Exception if something goes wrong
 */
public void lsacc(String resourceName, String principalName) throws Exception {

    // NOTE(review): the id-based lookup below is null-checked; if the name-based lookup can
    // also return null, principal.equals(...) fails with a NullPointerException - confirm
    I_CmsPrincipal principal = m_cms.lookupPrincipal(principalName);
    List<CmsAccessControlEntry> acList = m_cms.getAccessControlEntries(resourceName);
    for (CmsAccessControlEntry ace : acList) {
        I_CmsPrincipal acePrincipal = m_cms.lookupPrincipal(ace.getPrincipal());
        if (!principal.equals(acePrincipal)) {
            continue;
        }
        String pName;
        if (acePrincipal != null) {
            pName = acePrincipal.getName();
        } else {
            pName = ace.getPrincipal().toString();
        }
        m_shell.getOut().println(pName + ": " + ace.getPermissions().getPermissionString() + " " + ace);
    }
}
/**
 * Compiles the CMIS ACL for a file or folder from its access control entries.<p>
 *
 * Every entry returned for the resource's root path becomes one CMIS ACE. An ACE is marked
 * as direct when the entry's resource id equals the id of the given resource. The resulting
 * ACL is always reported as not exact.<p>
 *
 * @param cms the CMS context
 * @param resource the resource for which to collect the ACLs
 * @param onlyBasic flag to only include basic ACEs
 *
 * @return the ACL for the resource
 * @throws CmsException if something goes wrong
 */
protected Acl collectAcl(CmsObject cms, CmsResource resource, boolean onlyBasic) throws CmsException {

    // NOTE(review): the 'true' argument presumably requests inherited entries as well - confirm
    List<CmsAccessControlEntry> entries = cms.getAccessControlEntries(resource.getRootPath(), true);
    List<Ace> converted = new ArrayList<Ace>();
    for (CmsAccessControlEntry entry : entries) {
        boolean direct = entry.getResource().equals(resource.getResourceId());
        String principalName = getAcePrincipalName(cms, entry.getPrincipal());

        AccessControlPrincipalDataImpl principalData = new AccessControlPrincipalDataImpl();
        principalData.setId(principalName);

        AccessControlEntryImpl target = new AccessControlEntryImpl();
        target.setPrincipal(principalData);
        if (onlyBasic) {
            target.setPermissions(getCmisPermissions(entry));
        } else {
            target.setPermissions(getNativePermissions(entry));
        }
        target.setDirect(direct);
        converted.add(target);
    }

    AccessControlListImpl result = new AccessControlListImpl();
    result.setAces(converted);
    result.setExact(Boolean.FALSE);
    return result;
}
/**
 * Writes an access control entry to a given resource.<p>
 *
 * Before the entry is handed to the driver manager, the method checks the project, the
 * {@link CmsPermissionSet#ACCESS_CONTROL} permission on the resource and, when the entry's
 * principal is the 'overwrite all' id, the {@link CmsRole#VFS_MANAGER} role for the resource.<p>
 *
 * @param context the current request context
 * @param resource the resource
 * @param ace the entry to write
 *
 * @throws CmsSecurityException if the user has insufficient permission for the given resource ({@link CmsPermissionSet#ACCESS_CONTROL} required)
 * @throws CmsException if something goes wrong
 */
public void writeAccessControlEntry(CmsRequestContext context, CmsResource resource, CmsAccessControlEntry ace)
throws CmsException, CmsSecurityException {

    CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
    try {
        // authorization comes first: the write below is only reached when none of these
        // checks has thrown, so their order relative to the write must be kept
        checkOfflineProject(dbc);
        checkPermissions(dbc, resource, CmsPermissionSet.ACCESS_CONTROL, true, CmsResourceFilter.ALL);
        if (ace.getPrincipal().equals(CmsAccessControlEntry.PRINCIPAL_OVERWRITE_ALL_ID)) {
            // only vfs managers can set the overwrite all ACE
            checkRoleForResource(dbc, CmsRole.VFS_MANAGER, resource);
        }
        m_driverManager.writeAccessControlEntry(dbc, resource, ace);
    } catch (Exception e) {
        // NOTE(review): every failure, including one raised by the checks above, is routed
        // through dbc.report; presumably it rethrows - confirm, otherwise a denied write
        // would return to the caller without an error
        dbc.report(null, Messages.get().container(Messages.ERR_WRITE_ACL_ENTRY_1, context.getSitePath(resource)), e);
    } finally {
        // the database context is cleared on every path
        dbc.clear();
    }
}
/**
 * Writes an access control entry to a given resource.<p>
 *
 * Before the entry is handed to the driver manager, the method checks the project, the
 * {@link CmsPermissionSet#ACCESS_CONTROL} permission on the resource and, when the entry's
 * principal is the 'overwrite all' id, the {@link CmsRole#VFS_MANAGER} role for the resource.<p>
 *
 * @param context the current request context
 * @param resource the resource
 * @param ace the entry to write
 *
 * @throws CmsSecurityException if the user has insufficient permission for the given resource ({@link CmsPermissionSet#ACCESS_CONTROL} required)
 * @throws CmsException if something goes wrong
 */
public void writeAccessControlEntry(CmsRequestContext context, CmsResource resource, CmsAccessControlEntry ace)
throws CmsException, CmsSecurityException {

    CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
    try {
        // authorization comes first: the write below is only reached when none of these
        // checks has thrown, so their order relative to the write must be kept
        checkOfflineProject(dbc);
        checkPermissions(dbc, resource, CmsPermissionSet.ACCESS_CONTROL, true, CmsResourceFilter.ALL);
        if (ace.getPrincipal().equals(CmsAccessControlEntry.PRINCIPAL_OVERWRITE_ALL_ID)) {
            // only vfs managers can set the overwrite all ACE
            checkRoleForResource(dbc, CmsRole.VFS_MANAGER, resource);
        }
        m_driverManager.writeAccessControlEntry(dbc, resource, ace);
    } catch (Exception e) {
        // NOTE(review): every failure, including one raised by the checks above, is routed
        // through dbc.report; presumably it rethrows - confirm, otherwise a denied write
        // would return to the caller without an error
        dbc.report(
            null,
            Messages.get().container(Messages.ERR_WRITE_ACL_ENTRY_1, context.getSitePath(resource)),
            e);
    } finally {
        // the database context is cleared on every path
        dbc.clear();
    }
}