/**
 * Adds an entry that grants {@code first}, plus any permissions in {@code rest}, to {@code recipient}.
 *
 * <p>Entries inheriting is set to false when this method is called. A caller that wants the built
 * ACL to inherit therefore has to call {@code entriesInheriting( true )} after its last
 * {@code ace(...)} call, not before it.</p>
 *
 * @param recipient the sid receiving the permissions
 * @param first the first permission to grant
 * @param rest any further permissions to grant
 * @return this builder
 */
public Builder ace( final RepositoryFileSid recipient, final RepositoryFilePermission first,
    final RepositoryFilePermission... rest ) {
  final EnumSet<RepositoryFilePermission> granted = EnumSet.of( first, rest );
  final RepositoryFileAce entry = new RepositoryFileAce( recipient, granted );
  // The single-entry overload does the actual bookkeeping.
  return ace( entry );
}
/**
 * Appends {@code ace1} to the entries collected by this builder.
 *
 * <p>Entries inheriting is set to false when this method is called, on every call. An earlier
 * {@code entriesInheriting( true )} on the same builder is overwritten, so callers that combine
 * explicit entries with inheritance must set the flag after adding their entries.</p>
 *
 * @param ace1 the entry to append
 * @return this builder
 */
public Builder ace( final RepositoryFileAce ace1 ) {
  // Reset the inheritance flag first, then record the entry.
  entriesInheriting( false );
  aces.add( ace1 );
  return this;
}
/**
 * Creates the Mondrian folder under the tenant's etc folder if it does not exist yet.
 *
 * <p>The lookup and the creation both run inside one {@code txnTemplate} callback. The folder is
 * created with the tenant's repository admin user as the sid passed to
 * {@code internalCreateFolder}.</p>
 *
 * @param tenant tenant whose etc folder is inspected
 */
protected void createEtcMondrianFolder( final ITenant tenant ) {
  txnTemplate.execute( new TransactionCallbackWithoutResult() {
    @Override
    public void doInTransactionWithoutResult( final TransactionStatus status ) {
      final RepositoryFileSid adminSid =
          new RepositoryFileSid( userNameUtils.getPrincipleId( tenant, repositoryAdminUsername ) );

      final RepositoryFile etcFolder =
          repositoryFileDao.getFileByAbsolutePath( ServerRepositoryPaths.getTenantEtcFolderPath( tenant ) );
      // The tenant's etc folder must already exist; this method never creates it.
      Assert.notNull( etcFolder );

      final String mondrianPath =
          ServerRepositoryPaths.getTenantEtcFolderPath( tenant ) + RepositoryFile.SEPARATOR + FOLDER_MONDRIAN;
      if ( repositoryFileDao.getFileByAbsolutePath( mondrianPath ) != null ) {
        return; // mondrian folder is already present
      }

      // NOTE(review): the literal true is presumably the "inherit ACEs" argument, which would make the
      // new folder take its access entries from the etc folder; confirm against internalCreateFolder.
      internalCreateFolder( etcFolder.getId(),
          new RepositoryFile.Builder( FOLDER_MONDRIAN ).folder( true ).build(),
          true,
          adminSid,
          Messages.getInstance().getString(
              "MondrianRepositoryLifecycleManager.USER_0001_VER_COMMENT_MONDRIAN" ) ); //$NON-NLS-1$
    }
  } );
}
// Excerpt: begins part-way through a statement inside a try block and ends inside the catch body;
// the enclosing method and any loop around these lines are not shown.

// Builder seeded from the existing acl, plus an entry granting ALL to tenantAdminRoleSid.
// As excerpted the result is not assigned; the assignment target is presumably cut off.
new RepositoryFileAcl.Builder( acl ).ace( tenantAdminRoleSid, EnumSet.of( RepositoryFilePermission.ALL ) );
// Resolve the admin role id for `tenant` and grant that role ALL as well.
String parentTenantAdminRoleId = tenantedRoleNameResolver.getPrincipleId( tenant, tenantAdminRoleName );
RepositoryFileSid parentTenantAdminSid = new RepositoryFileSid( parentTenantAdminRoleId, Type.ROLE );
aclBuilder.ace( parentTenantAdminSid, EnumSet.of( RepositoryFilePermission.ALL ) );
// Step one level up the folder path (drops the last path element and the trailing separator).
parentTenantFolder = FilenameUtils.getFullPathNoEndSeparator( parentTenantFolder );
// Persist the widened ACL.
repositoryFileAclDao.updateAcl( aclBuilder.build() );
} catch ( Throwable th ) {
// NOTE(review): as far as this excerpt shows, a failed ACL update is only printed to stderr.
// Unless code after the excerpt rethrows, the caller is never told that the admin grants were not
// applied, and catching Throwable also hides Errors. Prefer the class logger plus propagation.
th.printStackTrace();
// Excerpt: begins part-way through a statement inside an if/else and ends before the else block
// closes; the enclosing method is not shown.

// Builder constructed from userSid with an entry granting READ to tenantAuthenticatedRoleSid.
// As excerpted, this expression and the next one are not assigned to anything; the assignment
// targets appear to have been lost, so verify against the full file.
new RepositoryFileAcl.Builder( userSid ).ace( tenantAuthenticatedRoleSid,
    EnumSet.of( RepositoryFilePermission.READ ) );
// Builder constructed from userSid with an entry granting ALL to ownerSid.
new RepositoryFileAcl.Builder( userSid ).ace( ownerSid, EnumSet.of( RepositoryFilePermission.ALL ) );
// Create the tenant home folder under the tenant root with the ACL built from aclsForTenantHomeFolder.
tenantHomeFolder =
    repositoryFileDao.createFolder( tenantRootFolder.getId(), new RepositoryFile.Builder(
        ServerRepositoryPaths.getTenantHomeFolderName() ).folder( true ).build(), aclsForTenantHomeFolder
        .build(), "tenant home folder" );
} else {
// The owner sid is the tenant-qualified id of `username`.
String ownerId = userNameUtils.getPrincipleId( theTenant, username );
RepositoryFileSid ownerSid = new RepositoryFileSid( ownerId, RepositoryFileSid.Type.USER );
// The only explicit entry on the user home folder grants ALL to its owner.
// NOTE(review): Builder.ace(...) is documented to switch entriesInheriting off; if this overload
// does the same, the folder does not inherit entries from the tenant home folder. Confirm.
aclsForUserHomeFolder =
    new RepositoryFileAcl.Builder( userSid ).ace( ownerSid, EnumSet.of( RepositoryFilePermission.ALL ) );
// NOTE(review): `username` becomes the folder name as-is; any validation happens outside this excerpt.
userHomeFolder =
    repositoryFileDao.createFolder( tenantHomeFolder.getId(), new RepositoryFile.Builder( username )
        .folder( true ).build(), aclsForUserHomeFolder.build(), "user home folder" ); //$NON-NLS-1$
// Excerpt: begins part-way through a statement inside an if/else and ends before the else block
// closes; the enclosing method is not shown.

// Builder constructed from userSid with an entry granting READ to tenantAuthenticatedRoleSid.
// As excerpted, this expression and the next one are not assigned to anything; the assignment
// targets appear to have been lost, so verify against the full file.
new RepositoryFileAcl.Builder( userSid ).ace( tenantAuthenticatedRoleSid, EnumSet
    .of( RepositoryFilePermission.READ ) );
// Builder constructed from userSid with an entry granting ALL to ownerSid.
new RepositoryFileAcl.Builder( userSid ).ace( ownerSid, EnumSet.of( RepositoryFilePermission.ALL ) );
// Create the tenant home folder (with a localized title) under the tenant root, using the ACL
// built from aclsForTenantHomeFolder.
tenantHomeFolder =
    internalCreateFolder( session, tenantRootFolder.getId(), new RepositoryFile.Builder( ServerRepositoryPaths
        .getTenantHomeFolderName() ).folder( true ).title(
        Messages.getInstance().getString( "AbstractJcrBackedUserRoleDao.usersFolderDisplayName" ) ).build(),
        aclsForTenantHomeFolder.build(), "tenant home folder" ); //$NON-NLS-1$
} else {
// The owner sid is the tenant-qualified id of `username`.
String ownerId = tenantedUserNameUtils.getPrincipleId( theTenant, username );
ownerSid = new RepositoryFileSid( ownerId, Type.USER );
// The only explicit entry on the user home folder grants ALL to its owner.
// NOTE(review): Builder.ace(...) is documented to switch entriesInheriting off; if this overload
// does the same, the folder does not inherit entries from the tenant home folder. Confirm.
aclsForUserHomeFolder =
    new RepositoryFileAcl.Builder( userSid ).ace( ownerSid, EnumSet.of( RepositoryFilePermission.ALL ) );
// newFolder is built outside this excerpt.
userHomeFolder =
    internalCreateFolder( session, tenantHomeFolder.getId(), newFolder.build(), aclsForUserHomeFolder.build(),
        "user home folder" ); //$NON-NLS-1$
// Excerpt: begins part-way through a statement inside an if/else and ends before the else block
// closes; the enclosing method is not shown.

// Builder constructed from userSid with an entry granting READ to tenantAuthenticatedRoleSid.
// As excerpted, this expression and the next one are not assigned to anything; the assignment
// targets appear to have been lost, so verify against the full file.
new RepositoryFileAcl.Builder( userSid ).ace( tenantAuthenticatedRoleSid, EnumSet
    .of( RepositoryFilePermission.READ ) );
// Builder constructed from userSid with an entry granting ALL to ownerSid.
new RepositoryFileAcl.Builder( userSid ).ace( ownerSid, EnumSet.of( RepositoryFilePermission.ALL ) );
// Create the tenant home folder under the tenant root with the ACL built from aclsForTenantHomeFolder.
tenantHomeFolder =
    repositoryFileDao.createFolder( tenantRootFolder.getId(), new RepositoryFile.Builder( ServerRepositoryPaths
        .getTenantHomeFolderName() ).folder( true ).build(), aclsForTenantHomeFolder.build(),
        "tenant home folder" );
} else {
// ownerId is computed outside this excerpt.
RepositoryFileSid ownerSid = new RepositoryFileSid( ownerId, Type.USER );
// The only explicit entry on the user home folder grants ALL to its owner.
// NOTE(review): Builder.ace(...) is documented to switch entriesInheriting off; if this overload
// does the same, the folder does not inherit entries from the tenant home folder. Confirm.
aclsForUserHomeFolder =
    new RepositoryFileAcl.Builder( userSid ).ace( ownerSid, EnumSet.of( RepositoryFilePermission.ALL ) );
// NOTE(review): `username` becomes the folder name as-is; any validation happens outside this excerpt.
userHomeFolder =
    repositoryFileDao.createFolder( tenantHomeFolder.getId(), new RepositoryFile.Builder( username ).folder(
        true ).build(), aclsForUserHomeFolder.build(), "user home folder" ); //$NON-NLS-1$
// Test fixture: an ACL built from the string "admin" (presumably the owner name) with no entries added.
RepositoryFileAcl acl = new RepositoryFileAcl.Builder("admin").build();
// Every getAcl lookup on the mocked repository returns that ACL, whatever id is asked for. Tests
// relying on this stub do not exercise per-file ACL differences.
when( unifiedRepository.getAcl( anyString() )).thenReturn( acl );
// Rebuild the ACL under the same id and owner name, carry over its existing entries, then append
// the adminGroup entry.
// NOTE(review): the owner is re-created as Type.ROLE whatever type the original owner sid had, and
// this constructor is not given the original's entriesInheriting value. Builder.ace(...) is also
// documented to set entriesInheriting to false, so the result is presumably always non-inheriting.
// Confirm both are intended.
return new RepositoryFileAcl.Builder( acl.getId(), acl.getOwner().getName(), RepositoryFileSid.Type.ROLE )
    .aces( acl.getAces() )
    .ace( adminGroup )
    .build();
/**
 * Converts the JCR access control list of the node identified by {@code id} into a
 * {@link RepositoryFileAcl}.
 *
 * <p>The entry whose principal equals the tenanted {@code tenantAdminAuthorityName} role is left
 * out of the result. The returned ACL is therefore a filtered view and must not be treated as the
 * complete set of principals that can reach the node.</p>
 *
 * @param session JCR session used for the node and access control lookups
 * @param pentahoJcrConstants not read by this method
 * @param id identifier of the node whose ACL is read
 * @return the converted ACL; its owner is {@code null} when no owner is recorded
 * @throws RepositoryException if the node cannot be found or the JCR calls fail
 */
private RepositoryFileAcl toAcl( final Session session, final PentahoJcrConstants pentahoJcrConstants,
    final Serializable id ) throws RepositoryException {
  final Node target = session.getNodeByIdentifier( id.toString() );
  if ( target == null ) {
    throw new RepositoryException( Messages.getInstance().getString(
        "JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND", id.toString() ) ); //$NON-NLS-1$
  }

  final String nodePath = target.getPath();
  final AccessControlList jcrAcl = getAccessControlList( session.getAccessControlManager(), nodePath );

  final String rawOwner = getOwner( session, nodePath, jcrAcl );
  // for now, just assume all owners are users; only has UI impact
  final RepositoryFileSid owner = rawOwner == null
      ? null
      : new RepositoryFileSid( JcrTenantUtils.getUserNameUtils().getPrincipleName( rawOwner ),
          RepositoryFileSid.Type.USER );

  final RepositoryFileAcl.Builder result = new RepositoryFileAcl.Builder( id, owner );
  result.entriesInheriting( isEntriesInheriting( session, nodePath, jcrAcl ) );

  final List<AccessControlEntry> visibleEntries =
      JcrRepositoryFileAclUtils.removeAclMetadata( Arrays.asList( jcrAcl.getAccessControlEntries() ) );
  for ( final AccessControlEntry entry : visibleEntries ) {
    // Skip the tenant admin role's entry so it never appears in the returned ACL.
    if ( entry.getPrincipal().equals(
        new SpringSecurityRolePrincipal( JcrTenantUtils.getTenantedRole( tenantAdminAuthorityName ) ) ) ) {
      continue;
    }
    // NOTE(review): RepositoryFileAcl.Builder.ace(RepositoryFileAce) is documented to set
    // entriesInheriting to false. If toAce returns a RepositoryFileAce, the flag set above only
    // survives when no entry is added here. Confirm that is intended.
    result.ace( toAce( session, entry ) );
  }
  return result.build();
}
/**
 * Appends an entry granting {@code permission} to {@code recipient} on the ACL of file {@code id}.
 *
 * <p>A recipient name that carries no tenant is first qualified through {@code JcrTenantUtils}
 * (user or role, by sid type). The only access decision made in this method is the kiosk-mode
 * check; any further authorization has to come from {@code getAcl} / {@code updateAcl}, which are
 * not shown here.</p>
 *
 * @param id file whose ACL is changed; must not be null
 * @param recipient sid receiving the permissions; must not be null
 * @param permission permissions to grant; must not be null
 * @throws RuntimeException when kiosk mode is enabled
 */
public void addAce( final Serializable id, final RepositoryFileSid recipient,
    final EnumSet<RepositoryFilePermission> permission ) {
  if ( isKioskEnabled() ) {
    throw new RuntimeException(
        Messages.getInstance().getString( "JcrRepositoryFileDao.ERROR_0006_ACCESS_DENIED" ) ); //$NON-NLS-1$
  }
  Assert.notNull( id );
  Assert.notNull( recipient );
  Assert.notNull( permission );

  final RepositoryFileAcl current = getAcl( id );
  Assert.notNull( current );

  // TODO mlowery find an ACE with the recipient and update that rather than adding a new ACE
  // Until then a second call for the same recipient appends another entry instead of replacing one.
  final boolean userRecipient = recipient.getType().equals( Type.USER );
  RepositoryFileSid qualified = recipient;
  if ( userRecipient && JcrTenantUtils.getUserNameUtils().getTenant( recipient.getName() ) == null ) {
    qualified = new RepositoryFileSid( JcrTenantUtils.getTenantedUser( recipient.getName() ), recipient.getType() );
  } else if ( !userRecipient && JcrTenantUtils.getRoleNameUtils().getTenant( recipient.getName() ) == null ) {
    qualified = new RepositoryFileSid( JcrTenantUtils.getTenantedRole( recipient.getName() ), recipient.getType() );
  }

  // NOTE(review): Builder.ace(...) is documented to switch entriesInheriting off; if this overload
  // does the same, adding one entry also stops the file from inheriting its parent's entries.
  updateAcl( new RepositoryFileAcl.Builder( current ).ace( qualified, permission ).build() );
  // The log line reports the sid as passed in, not the tenant-qualified one that was stored.
  logger.debug( "added ace: id=" + id + ", sid=" + recipient + ", permission=" + permission ); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
}
/**
 * Stores {@code acl} on the ACL node that belongs to {@code fileToAddAclFor}, or removes that node
 * when {@code acl} is null.
 */
@Override
public Void call() throws Exception {
  RepositoryFile aclNode = getAclNode( fileToAddAclFor );

  if ( acl == null ) {
    // No ACL requested: remove an existing ACL node, and ignore the case where none is present.
    if ( aclNode != null ) {
      unifiedRepository.deleteFile( aclNode.getId(), true,
          Messages.getInstance().getString( "AclNodeHelper.WARN_0001_REMOVE_ACL_NODE", aclNode.getPath() ) );
    }
    return null;
  }

  if ( aclNode == null ) {
    // Create ACL Node with reference to given file.
    aclNode = createAclNode( fileToAddAclFor );
  }

  // Update ACL on file: start from what the ACL node carries now and apply the requested entries.
  // NOTE(review): whether aces(...) replaces or adds to the existing entries is not visible here.
  final RepositoryFileAcl existing = unifiedRepository.getAcl( aclNode.getId() );
  unifiedRepository.updateAcl( new RepositoryFileAcl.Builder( existing ).aces( acl.getAces() ).build() );
  return null;
}
} );
/**
 * Creates the root folder of a new tenant, marks it as an enabled tenant root in the file metadata
 * and creates the runtime roles folder node for it.
 *
 * @return the created tenant root folder
 */
@Override
public Object doInJcr( final Session session ) throws RepositoryException {
  // NOTE(review): tenantName is concatenated into the tenant path as-is. No check for separators or
  // other path syntax is visible in this callback; confirm it is validated before this point.
  final Tenant tenant;
  RepositoryFile parentFolder = null;
  if ( parentTenant != null ) {
    tenant = new Tenant( parentTenant.getRootFolderAbsolutePath() + "/" + tenantName, true );
    parentFolder = repositoryFileDao.getFileByAbsolutePath( parentTenant.getRootFolderAbsolutePath() );
  } else {
    tenant = new Tenant( "/" + tenantName, true );
  }

  // The tenant root gets an ACL built from tenantCreatorId, with no explicit entries and inheritance off.
  final RepositoryFileAcl rootAcl = new RepositoryFileAcl.Builder( tenantCreatorId ).entriesInheriting( false ).build();
  final Serializable parentId = parentFolder != null ? parentFolder.getId() : null;
  final RepositoryFile systemTenantFolder = repositoryFileDao.createFolder( parentId,
      new RepositoryFile.Builder( tenant.getName() ).folder( true ).build(), rootAcl, "" );
  // The result of this lookup is not used.
  repositoryFileDao.getFileByAbsolutePath( tenant.getId() );

  // Flag the folder as a tenant root and enable the tenant.
  final Map<String, Serializable> fileMeta = repositoryFileDao.getFileMetadata( systemTenantFolder.getId() );
  fileMeta.put( ITenantManager.TENANT_ROOT, true );
  fileMeta.put( ITenantManager.TENANT_ENABLED, true );
  JcrRepositoryFileUtils.setFileMetadata( session, systemTenantFolder.getId(), fileMeta );

  createRuntimeRolesFolderNode( session, new PentahoJcrConstants( session ), tenant );
  return systemTenantFolder;
}
} );
/**
 * Creates the tenant's etc folder together with its {@code pdi} sub-tree and the {@code metastore}
 * folder.
 *
 * <p>The etc folder gets READ for the tenant's authenticated role and ALL for the tenant's admin
 * role. Every folder below it is created with an entry-less ACL built from {@code fileOwnerSid}
 * and with entriesInheriting set to true.</p>
 *
 * @param tenant tenant the folders belong to
 * @param tenantRootFolder parent of the etc folder
 * @param fileOwnerSid sid every created ACL is built from
 * @return the created etc folder
 */
private RepositoryFile createEtcFolder( ITenant tenant, RepositoryFile tenantRootFolder,
    RepositoryFileSid fileOwnerSid ) {
  RepositoryFileSid authenticatedSid = new RepositoryFileSid(
      tenantedRoleNameResolver.getPrincipleId( tenant, tenantAuthenticatedRoleName ), Type.ROLE );
  RepositoryFileSid adminSid = new RepositoryFileSid(
      tenantedRoleNameResolver.getPrincipleId( tenant, tenantAdminRoleName ), Type.ROLE );

  // NOTE(review): entriesInheriting( true ) is called before the two ace(...) calls.
  // RepositoryFileAcl.Builder.ace(...) is documented to set entriesInheriting to false, so if this
  // overload behaves the same the etc folder is built non-inheriting despite the explicit true.
  // Confirm which is intended and, if inheritance is wanted, set the flag after the last ace(...).
  RepositoryFile etcFolder = repositoryFileDao.createFolder( tenantRootFolder.getId(),
      new RepositoryFile.Builder( ServerRepositoryPaths.getTenantEtcFolderName() ).folder( true ).build(),
      new RepositoryFileAcl.Builder( fileOwnerSid )
          .entriesInheriting( true )
          .ace( authenticatedSid, EnumSet.of( RepositoryFilePermission.READ ) )
          .ace( adminSid, EnumSet.of( RepositoryFilePermission.ALL ) )
          .build(),
      null );

  RepositoryFile pdiFolder = repositoryFileDao.createFolder( etcFolder.getId(),
      new RepositoryFile.Builder( "pdi" ).folder( true ).build(),
      new RepositoryFileAcl.Builder( fileOwnerSid ).entriesInheriting( true ).build(), null );

  // Children of etc/pdi, created in this order and each with an inheriting, entry-less ACL.
  for ( String childName : new String[] { "databases", "slaveServers", "clusterSchemas", "partitionSchemas" } ) {
    repositoryFileDao.createFolder( pdiFolder.getId(),
        new RepositoryFile.Builder( childName ).folder( true ).build(),
        new RepositoryFileAcl.Builder( fileOwnerSid ).entriesInheriting( true ).build(), null );
  }

  repositoryFileDao.createFolder( etcFolder.getId(),
      new RepositoryFile.Builder( "metastore" ).folder( true ).build(),
      new RepositoryFileAcl.Builder( fileOwnerSid ).entriesInheriting( true ).build(), null );
  return etcFolder;
}
/**
 * Creates a folder node under {@code parentFolder} (or under the root when it is null), attaches an
 * ACL built from {@code ownerSid} and {@code inheritAces}, and returns the stored folder.
 *
 * <p>The folder node is saved before its ACL is created and saved.</p>
 *
 * @param session JCR session all work is done in
 * @param sessionFactory not read by this method
 * @param parentFolder folder to create in, or null
 * @param folder description of the folder to create
 * @param inheritAces value of the new ACL's entriesInheriting flag
 * @param ownerSid sid the new ACL is built from
 * @param pathConversionHelper passed through to the final lookup
 * @param versionMessage check-in comment used when {@code folder} is versioned
 * @return the folder as read back from the repository
 * @throws RepositoryException if any JCR operation fails
 */
public static RepositoryFile createFolder( final Session session,
    final CredentialsStrategySessionFactory sessionFactory, final RepositoryFile parentFolder,
    final RepositoryFile folder, final boolean inheritAces, final RepositoryFileSid ownerSid,
    final IPathConversionHelper pathConversionHelper, final String versionMessage ) throws RepositoryException {
  final Serializable parentId;
  if ( parentFolder != null ) {
    parentId = parentFolder.getId();
  } else {
    parentId = null;
  }
  final PentahoJcrConstants constants = new PentahoJcrConstants( session );

  JcrRepositoryFileUtils.checkoutNearestVersionableFileIfNecessary( session, constants, parentId );
  final Node created = createFolderNode( session, constants, parentId, folder );
  session.save();

  // NOTE(review): between the save above and the save below the folder exists without the ACL
  // created here. What access applies in that interval depends on repository defaults not visible
  // in this method; confirm the two saves cannot be observed separately by other sessions.
  final RepositoryFileAcl initialAcl = new RepositoryFileAcl.Builder( ownerSid ).entriesInheriting( inheritAces ).build();
  JcrRepositoryFileAclUtils.createAcl( session, constants, created.getIdentifier(), initialAcl );
  session.save();

  if ( folder.isVersioned() ) {
    JcrRepositoryFileUtils.checkinNearestVersionableNodeIfNecessary( session, constants, created, versionMessage );
  }

  final String parentLabel = parentId == null ? "root" : parentId.toString(); //$NON-NLS-1$
  JcrRepositoryFileUtils.checkinNearestVersionableFileIfNecessary( session, constants, parentId,
      Messages.getInstance().getString(
          "JcrRepositoryFileDao.USER_0001_VER_COMMENT_ADD_FOLDER", folder.getName(), parentLabel ) ); //$NON-NLS-1$

  return JcrRepositoryFileUtils.getFileById( session, constants, pathConversionHelper, null,
      created.getIdentifier() );
}
/**
 * Seeds the repository with its root folder and the {@code /public} and {@code /etc} folders.
 *
 * <p>ACLs as built here, all from {@code root()}: the root folder grants READ to
 * {@code everyone()}, {@code /public} grants READ and WRITE to {@code everyone()}, and {@code /etc}
 * has no explicit entries and inherits. These permissive defaults come from this fixture itself.</p>
 */
protected void init() {
  // Root folder: non-inheriting, everyone may read.
  root = new FileRecord(
      new RepositoryFile.Builder( "" ).path( RepositoryFile.SEPARATOR ).folder( true ).build(),
      new RepositoryFileAcl.Builder( root() ).entriesInheriting( false ).ace( everyone(), READ ).build() );
  idManager.register( root );

  // /public: non-inheriting, everyone may read and write.
  FileRecord publicRecord = new FileRecord(
      new RepositoryFile.Builder( "public" ).path( RepositoryFile.SEPARATOR + "public" ).folder( true ).build(),
      new RepositoryFileAcl.Builder( root() ).entriesInheriting( false ).ace( everyone(), READ, WRITE ).build() );
  root.addChild( publicRecord );
  idManager.register( publicRecord );

  // /etc: no entries of its own, inherits.
  FileRecord etcRecord = new FileRecord(
      new RepositoryFile.Builder( "etc" ).path( RepositoryFile.SEPARATOR + "etc" ).folder( true ).build(),
      new RepositoryFileAcl.Builder( root() ).entriesInheriting( true ).build() );
  root.addChild( etcRecord );
  idManager.register( etcRecord );
}
/**
 * Builds the service stack under test on top of a {@link MockUnifiedRepository} and seeds
 * {@code /etc/pdi} and its databases folder.
 *
 * <p>Seeding runs while the security context holds the mock repository's root user. The context is
 * then switched to {@code EXP_LOGIN}, so the tests themselves run as that user. Both tokens carry
 * no credentials and an empty authority list.</p>
 */
@Override
protected void setUp() throws Exception {
  final IUnifiedRepository repo =
      new MockUnifiedRepository( new MockUnifiedRepository.SpringSecurityCurrentUserProvider() );
  datasourceMgmtService = new JcrBackedDatasourceMgmtService( repo, new DatabaseDialectService() );
  datasourceMgmtWS = new DefaultDatasourceMgmtWebService( datasourceMgmtService );
  adapter = new DatasourceMgmtToWebServiceAdapter( datasourceMgmtWS );

  // Act as the mock root user while the folder structure is created.
  final UsernamePasswordAuthenticationToken rootAuth = new UsernamePasswordAuthenticationToken(
      MockUnifiedRepository.root().getName(), null, new ArrayList<GrantedAuthority>() );
  SecurityContextHolder.getContext().setAuthentication( rootAuth );

  // /etc/pdi grants READ and WRITE to everyone; this fixture ACL is what lets the test user write below it.
  repo.createFolder( repo.getFile( "/etc" ).getId(),
      new RepositoryFile.Builder( FOLDER_PDI ).folder( true ).build(),
      new RepositoryFileAcl.Builder( MockUnifiedRepository.root() )
          .ace( MockUnifiedRepository.everyone(), READ, WRITE ).build(),
      null );
  repo.createFolder( repo.getFile( "/etc/pdi" ).getId(),
      new RepositoryFile.Builder( FOLDER_DATABASES ).folder( true ).build(), null );

  // From here on the tests run as the expected login.
  final UsernamePasswordAuthenticationToken testAuth =
      new UsernamePasswordAuthenticationToken( EXP_LOGIN, null, new ArrayList<GrantedAuthority>() );
  SecurityContextHolder.getContext().setAuthentication( testAuth );

  KettleClientEnvironment.init();
}
/**
 * Reads the JCR access control list of the node identified by {@code id} and converts it into a
 * {@link RepositoryFileAcl}, after ACL metadata entries have been removed.
 *
 * @param session JCR session used for the node and access control lookups
 * @param pentahoJcrConstants not read by this method
 * @param id identifier of the node whose ACL is read
 * @return the converted ACL; its owner is {@code null} when no owner name is resolved
 * @throws RepositoryException if the node cannot be found or the JCR calls fail
 */
public static RepositoryFileAcl getAcl( final Session session, final PentahoJcrConstants pentahoJcrConstants,
    final Serializable id ) throws RepositoryException {
  final Node target = session.getNodeByIdentifier( id.toString() );
  if ( target == null ) {
    throw new RepositoryException( Messages.getInstance().getString(
        "JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND", id.toString() ) ); //$NON-NLS-1$
  }

  final String nodePath = target.getPath();
  final AccessControlList jcrAcl = getAccessControlList( session.getAccessControlManager(), nodePath );

  // NOTE(review): the owner string goes to getPrincipleName before any null check. That is only
  // safe if getPrincipleName accepts null; confirm, or null-check getOwner's result first.
  final String ownerName =
      JcrTenantUtils.getUserNameUtils().getPrincipleName( getOwner( session, nodePath, jcrAcl ) );
  // for now, just assume all owners are users; only has UI impact
  final RepositoryFileSid owner =
      ownerName == null ? null : new RepositoryFileSid( ownerName, RepositoryFileSid.Type.USER );

  final RepositoryFileAcl.Builder result = new RepositoryFileAcl.Builder( id, owner );
  result.entriesInheriting( isEntriesInheriting( session, nodePath, jcrAcl ) );

  final List<AccessControlEntry> visibleEntries =
      JcrRepositoryFileAclUtils.removeAclMetadata( Arrays.asList( jcrAcl.getAccessControlEntries() ) );
  for ( final AccessControlEntry entry : visibleEntries ) {
    // NOTE(review): RepositoryFileAcl.Builder.ace(RepositoryFileAce) is documented to set
    // entriesInheriting to false. If toAce returns a RepositoryFileAce, the flag set above only
    // survives when the node has no entries. Confirm that is intended.
    result.ace( toAce( session, entry ) );
  }
  return result.build();
}
/**
 * Creates an unversioned folder below {@code parentFolderId} and registers it with the id manager.
 *
 * <p>The caller needs WRITE access to the parent folder. The folder's ACL is a copy built from
 * {@code acl}; {@code versionMessage} is not used.</p>
 *
 * @param parentFolderId id of the folder to create in
 * @param file description of the folder; must be a folder and must not be versioned
 * @param acl ACL to copy onto the new folder
 * @param versionMessage ignored
 * @return the stored folder
 * @throws AccessDeniedException when the caller lacks WRITE on the parent
 */
@Override
public RepositoryFile createFolder( final Serializable parentFolderId, final RepositoryFile file,
    final RepositoryFileAcl acl, final String versionMessage ) {
  Validate.isTrue( file.isFolder() );
  Validate.isTrue( !file.isVersioned() );

  // The access check runs before the parent record is looked up.
  final boolean mayWrite = hasAccess( parentFolderId, EnumSet.of( WRITE ) );
  if ( !mayWrite ) {
    throw new AccessDeniedException( "access denied" );
  }

  final FileRecord parent = idManager.getFileById( parentFolderId );
  // Insert a separator only when the parent path does not already end with one.
  final String joiner = parent.getPath().endsWith( RepositoryFile.SEPARATOR ) ? "" : RepositoryFile.SEPARATOR;
  final String childPath = parent.getPath() + joiner + file.getName();

  final RepositoryFile stored = new RepositoryFile.Builder( file )
      .path( childPath )
      .title( findTitle( file ) )
      .description( findDesc( file ) )
      .build();
  // NOTE(review): acl is handed to the copying builder unchecked; what a null acl yields is not visible here.
  final RepositoryFileAcl aclCopy = new RepositoryFileAcl.Builder( acl ).build();

  final FileRecord created = new FileRecord( stored, null, aclCopy, new HashMap<String, Serializable>() );
  idManager.register( created );
  parent.addChild( created );
  return created.getFile();
}
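/**
 * Creates a file below {@code parentFolderId}, registers it with the id manager and, for versioned
 * files, records an initial version.
 *
 * <p>The caller needs WRITE access to the parent folder. The file's ACL is a copy built from
 * {@code acl}. The child path is joined with exactly one separator: when the parent's path already
 * ends with the separator (as the root folder's does), none is added. This matches
 * {@code createFolder} and avoids paths such as {@code //name}.</p>
 *
 * @param parentFolderId id of the folder to create in
 * @param file description of the file; must not be a folder
 * @param data content of the file
 * @param acl ACL to copy onto the new file
 * @param versionMessage comment for the initial version when {@code file} is versioned
 * @return the stored file
 * @throws AccessDeniedException when the caller lacks WRITE on the parent
 */
@Override
public RepositoryFile createFile( final Serializable parentFolderId, final RepositoryFile file,
    final IRepositoryFileData data, final RepositoryFileAcl acl, final String versionMessage ) {
  Validate.isTrue( !file.isFolder() );
  // The access check runs before the parent record is looked up.
  if ( !hasAccess( parentFolderId, EnumSet.of( WRITE ) ) ) {
    throw new AccessDeniedException( "access denied" );
  }
  FileRecord parentFolder = idManager.getFileById( parentFolderId );

  // Insert a separator only when the parent path does not already end with one.
  final String parentPath = parentFolder.getPath();
  final String joiner = parentPath.endsWith( RepositoryFile.SEPARATOR ) ? "" : RepositoryFile.SEPARATOR;
  RepositoryFile fileFromRepo =
      new RepositoryFile.Builder( file ).path( parentPath + joiner + file.getName() )
          .title( findTitle( file ) ).description( findDesc( file ) ).build();
  // NOTE(review): acl is handed to the copying builder unchecked; what a null acl yields is not visible here.
  RepositoryFileAcl aclFromRepo = new RepositoryFileAcl.Builder( acl ).build();

  FileRecord fileRecord = new FileRecord( fileFromRepo, data, aclFromRepo, new HashMap<String, Serializable>() );
  idManager.register( fileRecord );
  process( fileRecord, null );
  parentFolder.addChild( fileRecord );
  if ( file.isVersioned() ) {
    // The initial version is attributed to the current user.
    versionManager.createVersion( fileRecord.getFile().getId(), currentUserProvider.getUser(), versionMessage,
        new Date() );
  }
  return fileRecord.getFile();
}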