if ( sid.getType().equals( RepositoryFileSid.Type.USER ) ) { owner.setType( Type.USER ); } else { RepositoryFileSid aceSid = ace.getSid(); ObjectRecipient recipient = new RepositoryObjectRecipient( aceSid.getName() ); if ( aceSid.getType().equals( RepositoryFileSid.Type.USER ) ) { recipient.setType( Type.USER ); } else {
/**
 * Converts a {@link RepositoryFileAcl} into its DTO representation.
 *
 * <p>The id is copied as its string form, or {@code null} when the ACL has no id. Owner name and
 * owner type are copied only when the ACL has an owner. The ACEs are converted through
 * {@code toAcesDto} and stored together with the ACL's inheritance flag.
 *
 * @param v the ACL to convert; dereferenced without a null check
 * @return a newly created DTO populated from {@code v}
 */
@Override
public RepositoryFileAclDto marshal( final RepositoryFileAcl v ) {
  final RepositoryFileAclDto dto = new RepositoryFileAclDto();

  final Serializable rawId = v.getId();
  String idText = null;
  if ( rawId != null ) {
    idText = rawId.toString();
  }
  dto.setId( idText );

  final RepositoryFileSid ownerSid = v.getOwner();
  if ( ownerSid != null ) {
    dto.setOwner( ownerSid.getName() );
    // The DTO carries the enum ordinal, so the value depends on the declaration order of the
    // SID type constants; -1 stands for an owner without a type.
    int ownerTypeCode = -1;
    if ( ownerSid.getType() != null ) {
      ownerTypeCode = ownerSid.getType().ordinal();
    }
    dto.setOwnerType( ownerTypeCode );
  }

  dto.setAces( toAcesDto( v.getAces() ), v.isEntriesInheriting() );
  return dto;
}
/**
 * Appends an ACE granting {@code permission} to {@code recipient} on the ACL of the file
 * identified by {@code id}, then persists the ACL through {@code updateAcl}.
 *
 * <p>A recipient name that carries no tenant is qualified first: user SIDs through the user-name
 * resolver, every other SID type through the role-name resolver.
 *
 * <p>NOTE(review): the kiosk check is the only gate visible in this method. Whether the caller
 * may manage this file's ACL is presumably enforced inside {@code getAcl}/{@code updateAcl} or
 * by the repository layer; confirm.
 *
 * @param id file id; must not be null
 * @param recipient SID receiving the grant; must not be null
 * @param permission permissions to grant; must not be null
 * @throws RuntimeException when kiosk mode is enabled
 */
public void addAce( final Serializable id, final RepositoryFileSid recipient,
    final EnumSet<RepositoryFilePermission> permission ) {
  // Kiosk mode rejects the change before any argument is inspected.
  if ( isKioskEnabled() ) {
    throw new RuntimeException( Messages.getInstance().getString(
        "JcrRepositoryFileDao.ERROR_0006_ACCESS_DENIED" ) ); //$NON-NLS-1$
  }
  Assert.notNull( id );
  Assert.notNull( recipient );
  Assert.notNull( permission );

  final RepositoryFileAcl currentAcl = getAcl( id );
  Assert.notNull( currentAcl );

  // TODO mlowery find an ACE with the recipient and update that rather than adding a new ACE
  final boolean userSid = recipient.getType().equals( Type.USER );
  RepositoryFileSid effectiveSid = recipient;
  if ( userSid ) {
    if ( JcrTenantUtils.getUserNameUtils().getTenant( recipient.getName() ) == null ) {
      effectiveSid =
          new RepositoryFileSid( JcrTenantUtils.getTenantedUser( recipient.getName() ), recipient.getType() );
    }
  } else if ( JcrTenantUtils.getRoleNameUtils().getTenant( recipient.getName() ) == null ) {
    effectiveSid =
        new RepositoryFileSid( JcrTenantUtils.getTenantedRole( recipient.getName() ), recipient.getType() );
  }

  updateAcl( new RepositoryFileAcl.Builder( currentAcl ).ace( effectiveSid, permission ).build() );

  // The debug line records the SID as supplied by the caller, not the tenant-qualified SID that
  // was written to the ACL.
  logger.debug( "added ace: id=" + id + ", sid=" + recipient + ", permission=" + permission ); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
}
/**
 * Converts a single ACE into its DTO representation.
 *
 * <p>The recipient type is stored as the enum ordinal and the permissions are converted through
 * {@code toIntPerms}. Neither the SID nor its type is null-checked, so an ACE without a SID or a
 * SID without a type fails here with a {@link NullPointerException}.
 *
 * @param v the ACE to convert
 * @return a newly created DTO holding recipient name, recipient type and permissions
 */
public static RepositoryFileAclAceDto toAceDto( RepositoryFileAce v ) {
  final RepositoryFileAclAceDto dto = new RepositoryFileAclAceDto();
  final RepositoryFileSid recipientSid = v.getSid();

  final String recipientName = recipientSid.getName();
  dto.setRecipient( recipientName );

  // Ordinal encoding: the value depends on the declaration order of the SID type constants.
  final int recipientTypeCode = recipientSid.getType().ordinal();
  dto.setRecipientType( recipientTypeCode );

  dto.setPermissions( toIntPerms( v.getPermissions() ) );
  return dto;
}
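/**
 * Appends an ACE granting {@code permission} to {@code recipient} on the ACL of the file
 * identified by {@code id}, and persists the result through {@code updateAcl}.
 *
 * <p>A recipient name that carries no tenant is qualified before it is stored. The resolver is
 * chosen by SID type: role SIDs go through the role-name resolver, everything else through the
 * user-name resolver. Qualifying a role name with the user-name resolver would bind the grant to
 * a principal id in the wrong namespace whenever the two resolvers are configured differently.
 *
 * <p>No permission check is performed here; callers are expected to have authorised the change.
 *
 * @param session JCR session used to read and write the ACL
 * @param pentahoJcrConstants constants passed through to {@code getAcl}
 * @param id file id
 * @param recipient SID receiving the grant; dereferenced without a null check
 * @param permission permissions to grant
 * @throws RepositoryException if reading or updating the ACL fails
 */
public static void addAce( final Session session, final PentahoJcrConstants pentahoJcrConstants,
    final Serializable id, final RepositoryFileSid recipient, final EnumSet<RepositoryFilePermission> permission )
  throws RepositoryException {
  final String recipientName = recipient.getName();
  RepositoryFileSid newRecipient = recipient;
  if ( RepositoryFileSid.Type.ROLE.equals( recipient.getType() ) ) {
    // Role SIDs are qualified with the role resolver so the stored name matches role principals.
    if ( JcrTenantUtils.getRoleNameUtils().getTenant( recipientName ) == null ) {
      newRecipient = new RepositoryFileSid( JcrTenantUtils.getTenantedRole( recipientName ), recipient.getType() );
    }
  } else if ( JcrTenantUtils.getUserNameUtils().getTenant( recipientName ) == null ) {
    // User SIDs (and SIDs without a type) keep the previous user-resolver behaviour.
    newRecipient = new RepositoryFileSid( JcrTenantUtils.getTenantedUser( recipientName ), recipient.getType() );
  }
  RepositoryFileAcl acl = getAcl( session, pentahoJcrConstants, id );
  RepositoryFileAcl updatedAcl = new RepositoryFileAcl.Builder( acl ).ace( newRecipient, permission ).build();
  updateAcl( session, updatedAcl );
}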
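/**
 * Replaces the owner of {@code file}'s ACL with {@code owner} and persists the result through
 * {@code updateAcl}.
 *
 * <p>An owner name that carries no tenant is qualified before it is stored. The resolver is
 * chosen by SID type: role SIDs go through the role-name resolver, everything else through the
 * user-name resolver, so a role owner is not stored under a user-style principal id.
 *
 * <p>No permission check is performed here; callers are expected to have authorised the change
 * of ownership.
 *
 * @param session JCR session used to read and write the ACL
 * @param pentahoJcrConstants constants passed through to {@code getAcl}
 * @param file file whose ACL owner is replaced
 * @param owner the new owner SID; dereferenced without a null check
 * @throws RepositoryException if reading or updating the ACL fails
 */
public static void setOwner( final Session session, final PentahoJcrConstants pentahoJcrConstants,
    final RepositoryFile file, final RepositoryFileSid owner ) throws RepositoryException {
  final String ownerName = owner.getName();
  RepositoryFileSid newOwnerSid = owner;
  if ( RepositoryFileSid.Type.ROLE.equals( owner.getType() ) ) {
    // Role SIDs are qualified with the role resolver so the stored name matches role principals.
    if ( JcrTenantUtils.getRoleNameUtils().getTenant( ownerName ) == null ) {
      newOwnerSid = new RepositoryFileSid( JcrTenantUtils.getTenantedRole( ownerName ), owner.getType() );
    }
  } else if ( JcrTenantUtils.getUserNameUtils().getTenant( ownerName ) == null ) {
    // User SIDs (and SIDs without a type) keep the previous user-resolver behaviour.
    newOwnerSid = new RepositoryFileSid( JcrTenantUtils.getTenantedUser( ownerName ), owner.getType() );
  }
  RepositoryFileAcl acl = getAcl( session, pentahoJcrConstants, file.getId() );
  RepositoryFileAcl newAcl = new RepositoryFileAcl.Builder( acl ).owner( newOwnerSid ).build();
  updateAcl( session, newAcl );
}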
if ( RepositoryFileSid.Type.USER == fileAce.getSid().getType() ) {
// The ACL under test must contain exactly one ACE.
assertTrue( acl.getAces().size() == 1 );
// That ACE is addressed to a SID named "Authenticated" ...
assertTrue( "Authenticated".equals( acl.getAces().get( 0 ).getSid().getName().toString() ) );
// ... and the SID is a ROLE, not a USER.
assertTrue( RepositoryFileSid.Type.ROLE.equals( acl.getAces().get( 0 ).getSid().getType() ) );
// The entry carries a single permission, and that permission is ALL.
// NOTE(review): this pins ALL for the "Authenticated" role as the expected grant; presumably the
// fixture's default ACL. Confirm that so broad a grant is intended.
assertTrue( acl.getAces().get( 0 ).getPermissions().size() == 1 );
assertTrue( acl.getAces().get( 0 ).getPermissions().contains( RepositoryFilePermission.ALL ) );
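/**
 * Decides whether the current user holds every permission in {@code permissions} on the file.
 *
 * <p>Access is granted when the current user is the ACL's USER-type owner, or when a single
 * effective ACE contains all requested permissions and is addressed to the "everyone" SID, to
 * the current user, or to one of the current user's roles. Permissions are never combined across
 * several ACEs. Any other outcome is a denial.
 *
 * <p>An ACL without an owner no longer fails with a {@link NullPointerException}; it skips the
 * owner shortcut and is decided by its ACEs alone.
 *
 * <p>Because {@code containsAll} of an empty set is always true, an empty {@code permissions}
 * set is satisfied by any ACE that matches the caller.
 *
 * @param fileId id of the file being checked
 * @param permissions permissions that must all be present on one matching ACE
 * @return {@code true} if access is granted, {@code false} otherwise
 */
private boolean hasAccess( final Serializable fileId, final EnumSet<RepositoryFilePermission> permissions ) {
  String username = currentUserProvider.getUser();
  List<String> roles = currentUserProvider.getRoles();
  RepositoryFileAcl acl = idManager.getFileById( fileId ).getAcl();
  // No owner means nobody gets the owner shortcut; the ACEs below still apply.
  if ( acl.getOwner() != null && acl.getOwner().getType() == USER
      && acl.getOwner().getName().equals( username ) ) {
    return true; // owner can do anything
  }
  for ( RepositoryFileAce ace : internalGetEffectiveAces( fileId ) ) {
    // Every grant below needs the full requested set on this one ACE, so test that once.
    if ( !ace.getPermissions().containsAll( permissions ) ) {
      continue;
    }
    if ( ace.getSid().equals( everyone() ) ) {
      return true; // match special everyone role
    }
    if ( ace.getSid().getType() == USER && ace.getSid().getName().equals( username ) ) {
      return true; // match on user
    }
    if ( ace.getSid().getType() == ROLE && roles.contains( ace.getSid().getName() ) ) {
      return true; // match on role
    }
  }
  return false;
}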
for ( RepositoryFileAce ace : acl.getAces() ) { Principal principal = null; if ( RepositoryFileSid.Type.ROLE == ace.getSid().getType() ) { String principalName = JcrTenantUtils.getRoleNameUtils().getPrincipleName( ace.getSid().getName() ); if ( tenantAdminAuthorityName.equals( principalName ) ) {
for ( RepositoryFileAce ace : acl.getAces() ) { Principal principal = null; if ( RepositoryFileSid.Type.ROLE == ace.getSid().getType() ) { principal = new SpringSecurityRolePrincipal( JcrTenantUtils.getTenantedRole( ace.getSid().getName() ) ); } else {