@Override public boolean isSubsumedBy(Restriction other) { if (other instanceof CompositeRestriction) { return isSubsumedBy((CompositeRestriction) other); } for (Restriction r : restrictions) { if (!r.isSubsumedBy(other)) { return false; } } return true; }
private boolean subsumes(PrefixRestriction restriction) { for (FsPath prefix : prefixes) { if (restriction.isRestricted(prefix)) { return false; } } return true; }
/** * Assigns home, root and read only attributes from KpwdPrincipal. */ @SuppressWarnings("null") @Override public void session(Set<Principal> authorizedPrincipals, Set<Object> attrib) throws AuthenticationException { KpwdPrincipal kpwd = getFirst(filter(authorizedPrincipals, KpwdPrincipal.class), null); checkAuthentication(kpwd != null, "no record found"); attrib.add(new HomeDirectory(kpwd.home)); attrib.add(new RootDirectory(kpwd.root)); if (kpwd.isReadOnly) { attrib.add(Restrictions.readOnly()); } } }
@Override public void session(Set<Principal> authorizedPrincipals, Set<Object> attrib) throws AuthenticationException { attrib.add(new HomeDirectory("/")); attrib.add(new RootDirectory("/")); }
/** * Compose multiple restrictions where each Restriction can veto an * operation. */ public static Restriction concat(Restriction... restrictions) { switch (restrictions.length) { case 0: return UNRESTRICTED; case 1: return restrictions[0]; case 2: if (restrictions [0].isSubsumedBy(restrictions [1])) { return restrictions [1]; } if (restrictions [1].isSubsumedBy(restrictions [0])) { return restrictions [0]; } // Fall through for default behaviour default: return concat(asList(restrictions)); } }
@Override public boolean isRestricted(Activity activity, FsPath path) { for (Restriction r : restrictions) { if (r.isRestricted(activity, path)) { return true; } } return false; }
private boolean subsumes(Restriction other) { for (Restriction r : restrictions) { if (other.isSubsumedBy(r)) { return true; } } return false; } }
public static DenyActivityRestriction restrictNoActivity() { return new DenyActivityRestriction(EnumSet.noneOf(Activity.class)); }
private boolean isSubsumedBy(CompositeRestriction other) { for (Restriction r : restrictions) { if (!other.subsumes(r)) { return false; } } return true; }
@Override public boolean isSubsumedBy(Restriction other) { return other instanceof PrefixRestriction && ((PrefixRestriction) other).subsumes(this); }
public Restriction getRestriction() { return restriction == null ? Restrictions.none() : restriction; }
/** * Compose multiple Restrictions where each Restriction can veto an * operation. */ public static Restriction concat(Iterable<Restriction> restrictions) { CompositeRestrictionBuilder composer = new CompositeRestrictionBuilder(); for (Restriction r : restrictions) { if (r instanceof CompositeRestriction) { for (Restriction inner : ((CompositeRestriction) r).restrictions) { composer.accept(inner); } } else { composer.accept(r); } } return composer.build(); }
@Override public String toString() { return getClass().getSimpleName() + "[" + getExpiry() + "]"; } }
@Override public boolean hasUnrestrictedChild(Activity activity, FsPath parent) { return !restrictions.stream().anyMatch(r -> !r.hasUnrestrictedChild(activity, parent)); }
private Restriction build() { switch (restrictions.size()) { case 0: return UNRESTRICTED; case 1: return restrictions.iterator().next(); default: return new CompositeRestriction(restrictions); } } }
@Override public boolean isRestricted(Activity activity, FsPath directory, String child) { return isRestricted(activity, directory.child(child)); }
@Override public boolean isRestricted(Activity activity, FsPath directory, String name) { for (Restriction r : restrictions) { if (r.isRestricted(activity, directory, name)) { return true; } } return false; }
private void accept(Restriction newRestriction) { Iterator<Restriction> i = restrictions.iterator(); while (i.hasNext()) { Restriction existing = i.next(); if (newRestriction.isSubsumedBy(existing)) { return; } if (existing.isSubsumedBy(newRestriction)) { i.remove(); } } restrictions.add(newRestriction); }
public static DenyActivityRestriction restrictAllActivity() { return new DenyActivityRestriction(EnumSet.allOf(Activity.class)); }