/**
 * Rewrites the ACL stored for {@code fileId} from the state described by {@code objectAcl}.
 *
 * <p>The current ACL is loaded, its ACEs are cleared and the inheritance flag is copied from
 * {@code objectAcl}. Explicit ACEs are written only when inheritance is switched off; when the
 * flag is on, the ACL is saved with no ACEs of its own.
 *
 * @param fileId    id of the repository object whose ACL is replaced
 * @param objectAcl desired ACL state (inheritance flag and, when not inheriting, the ACEs)
 * @throws KettleException wrapping any exception raised while reading, building or saving the ACL
 */
@Override
public void setAcl( ObjectId fileId, ObjectAcl objectAcl ) throws KettleException {
  try {
    RepositoryFileAcl currentAcl = pur.getAcl( fileId.getId() );
    final boolean inheriting = objectAcl.isEntriesInheriting();
    RepositoryFileAcl.Builder builder =
        new RepositoryFileAcl.Builder( currentAcl ).entriesInheriting( inheriting ).clearAces();

    if ( !inheriting ) {
      List<ObjectAce> requestedAces = objectAcl.getAces();
      for ( ObjectAce requestedAce : requestedAces ) {
        EnumSet<RepositoryFilePermission> requested = requestedAce.getPermissions();
        // Start from an empty set so an ACE without permissions is stored as "grants nothing".
        EnumSet<RepositoryFilePermission> granted = EnumSet.noneOf( RepositoryFilePermission.class );
        ObjectRecipient who = requestedAce.getRecipient();

        // Only ROLE recipients get an explicit sid type; every other recipient type goes through
        // the single-argument constructor (presumably a USER sid; confirm against RepositoryFileSid).
        RepositoryFileSid sid = who.getType().equals( Type.ROLE )
            ? new RepositoryFileSid( who.getName(), RepositoryFileSid.Type.ROLE )
            : new RepositoryFileSid( who.getName() );

        if ( requested != null ) {
          granted.addAll( requested );
        }
        builder.ace( sid, granted );
      }
    }
    pur.updateAcl( builder.build() );
  } catch ( Exception e ) {
    // The user does not have rights to view or set the acl information.
    // Note that this handler catches every Exception, so callers cannot tell an access denial
    // apart from any other failure; the original exception is kept as the cause.
    throw new KettleException( e );
  }
}
ObjectRecipient owner = new RepositoryObjectRecipient( sid.getName() ); if ( sid.getType().equals( RepositoryFileSid.Type.USER ) ) { owner.setType( Type.USER ); } else { EnumSet<RepositoryFilePermission> permissionSet = EnumSet.noneOf( RepositoryFilePermission.class ); RepositoryFileSid aceSid = ace.getSid(); ObjectRecipient recipient = new RepositoryObjectRecipient( aceSid.getName() ); if ( aceSid.getType().equals( RepositoryFileSid.Type.USER ) ) { recipient.setType( Type.USER ); } else {
/**
 * Appends one ACE for {@code recipient} to the ACL of the node identified by {@code id} and saves it.
 *
 * <p>If no tenant can be derived from the recipient's name, the name is replaced with its tenanted
 * form before the ACE is added; the recipient's sid type is carried over unchanged.
 *
 * <p>NOTE(review): both the tenant lookup and the tenanted name use the user-name helpers,
 * whatever the sid type is. If role-typed sids can reach this method, confirm that user-style
 * tenanting is what is wanted for them.
 *
 * @param session             JCR session used to read and update the ACL
 * @param pentahoJcrConstants constants object passed through to {@code getAcl}
 * @param id                  id of the node whose ACL is changed
 * @param recipient           sid that receives the permissions
 * @param permission          permissions granted by the new ACE
 * @throws RepositoryException declared by this method's signature
 */
public static void addAce( final Session session, final PentahoJcrConstants pentahoJcrConstants,
    final Serializable id, final RepositoryFileSid recipient, final EnumSet<RepositoryFilePermission> permission )
  throws RepositoryException {
  final boolean lacksTenant = JcrTenantUtils.getUserNameUtils().getTenant( recipient.getName() ) == null;
  final RepositoryFileSid effectiveRecipient = lacksTenant
      ? new RepositoryFileSid( JcrTenantUtils.getTenantedUser( recipient.getName() ), recipient.getType() )
      : recipient;

  final RepositoryFileAcl currentAcl = getAcl( session, pentahoJcrConstants, id );
  updateAcl( session, new RepositoryFileAcl.Builder( currentAcl ).ace( effectiveRecipient, permission ).build() );
}
/**
 * Decides whether the current user holds all of {@code permissions} on the file {@code fileId}.
 *
 * <p>Access is granted when any of the following holds:
 * <ul>
 * <li>the ACL owner is a USER sid whose name equals the current user name; this check ignores
 * which permissions were requested;</li>
 * <li>a single effective ACE for the "everyone" sid contains every requested permission;</li>
 * <li>a single effective ACE for the current user contains every requested permission;</li>
 * <li>a single effective ACE for one of the current user's roles contains every requested
 * permission.</li>
 * </ul>
 * Permissions are never combined across ACEs: each ACE is tested on its own with
 * {@code containsAll}.
 *
 * @param fileId      id of the file being checked
 * @param permissions permissions that must all be present
 * @return {@code true} if one of the rules above matches, {@code false} otherwise
 */
private boolean hasAccess( final Serializable fileId, final EnumSet<RepositoryFilePermission> permissions ) {
  final String currentUser = currentUserProvider.getUser();
  final List<String> currentRoles = currentUserProvider.getRoles();
  final RepositoryFileAcl fileAcl = idManager.getFileById( fileId ).getAcl();

  // owner can do anything
  final boolean ownedByCurrentUser =
      fileAcl.getOwner().getType() == USER && fileAcl.getOwner().getName().equals( currentUser );
  if ( ownedByCurrentUser ) {
    return true;
  }

  for ( RepositoryFileAce entry : internalGetEffectiveAces( fileId ) ) {
    // match special everyone role
    if ( entry.getSid().equals( everyone() ) && entry.getPermissions().containsAll( permissions ) ) {
      return true;
    }

    // match on user
    final boolean namesCurrentUser =
        entry.getSid().getType() == USER && entry.getSid().getName().equals( currentUser );
    if ( namesCurrentUser && entry.getPermissions().containsAll( permissions ) ) {
      return true;
    }

    // match on role
    for ( String roleName : currentRoles ) {
      final boolean namesRole =
          entry.getSid().getType() == ROLE && entry.getSid().getName().equals( roleName );
      if ( namesRole && entry.getPermissions().containsAll( permissions ) ) {
        return true;
      }
    }
  }
  // No rule matched: deny.
  return false;
}
// Rebuild the ACL under the same id and owner name, then copy over the existing ACEs.
// NOTE(review): the owner sid is always created with Type.ROLE here; the original owner's type
// (acl.getOwner().getType()) is not consulted. Confirm that is intended.
RepositoryFileAcl.Builder aclBuilder = new RepositoryFileAcl.Builder( acl.getId(), acl.getOwner().getName(), RepositoryFileSid.Type.ROLE );
aclBuilder.aces( acl.getAces() );
// NOTE(review): the result of this lookup is not assigned in this excerpt, while adminRoleName
// (used below) is defined outside it. Confirm adminRoleName really holds the configured
// "singleTenantAdminAuthorityName" value.
PentahoSystem.get( String.class, "singleTenantAdminAuthorityName", PentahoSessionHolder.getSession() );
// Add an ACE that grants the admin role RepositoryFilePermission.ALL on this object.
RepositoryFileAce adminGroup = new RepositoryFileAce( new RepositoryFileSid( adminRoleName, RepositoryFileSid.Type.ROLE ), RepositoryFilePermission.ALL );
aclBuilder.ace( adminGroup );
// Last-modified timestamp as reported by the repository file.
Date modifiedDate = repositoryFile.getLastModifiedDate();
// The owner name is taken from the ACL; when repositoryFileAcl is null the owner is reported as "".
// NOTE(review): a non-null ACL whose getOwner() returns null would throw here; confirm that cannot happen.
String ownerName = repositoryFileAcl != null ? repositoryFileAcl.getOwner().getName() : "";
boolean deleted = isDeleted( repositoryFile );
// Resolve the directory object for parentPath.
RepositoryDirectoryInterface directory = findDirectory( parentPath );
return false; } else if ( !owner.equals( other.owner ) ) { return false;
/**
 * Computes a hash over {@code aces}, {@code entriesInheriting}, {@code id} and {@code owner},
 * in that order, using the usual multiply-by-31 accumulation. Null fields contribute 0.
 *
 * @return hash code derived from the four fields above
 */
@Override
public int hashCode() {
  final int[] fieldHashes = {
    aces != null ? aces.hashCode() : 0,
    // 1231 / 1237 are the values Boolean.hashCode() uses for true / false.
    entriesInheriting ? 1231 : 1237,
    id != null ? id.hashCode() : 0,
    owner != null ? owner.hashCode() : 0
  };
  int hash = 1;
  for ( int fieldHash : fieldHashes ) {
    hash = 31 * hash + fieldHash;
  }
  return hash;
}
/**
 * Replaces the owner recorded in the ACL of {@code file} with {@code owner} and saves the ACL.
 *
 * <p>If no tenant can be derived from the owner's name, the name is replaced with its tenanted
 * form first; the owner's sid type is carried over unchanged.
 *
 * <p>NOTE(review): both the tenant lookup and the tenanted name use the user-name helpers,
 * whatever the sid type is. If a role-typed owner can reach this method, confirm that user-style
 * tenanting is what is wanted for it. No permission check is visible in this method, so callers
 * are presumably expected to have authorized the ownership change; verify at the call sites.
 *
 * @param session             JCR session used to read and update the ACL
 * @param pentahoJcrConstants constants object passed through to {@code getAcl}
 * @param file                file whose ACL owner is changed
 * @param owner               sid of the new owner
 * @throws RepositoryException declared by this method's signature
 */
public static void setOwner( final Session session, final PentahoJcrConstants pentahoJcrConstants,
    final RepositoryFile file, final RepositoryFileSid owner ) throws RepositoryException {
  final boolean lacksTenant = JcrTenantUtils.getUserNameUtils().getTenant( owner.getName() ) == null;
  final RepositoryFileSid effectiveOwner = lacksTenant
      ? new RepositoryFileSid( JcrTenantUtils.getTenantedUser( owner.getName() ), owner.getType() )
      : owner;

  final RepositoryFileAcl currentAcl = getAcl( session, pentahoJcrConstants, file.getId() );
  updateAcl( session, new RepositoryFileAcl.Builder( currentAcl ).owner( effectiveOwner ).build() );
}
/**
 * Returns the name of the sid supplied by {@code MockUnifiedRepository.root()}.
 *
 * <p>The result does not depend on any caller or session state: every call reports the root
 * name, so code running against this provider is always treated as that principal.
 *
 * @return the root sid's name
 */
@Override
public String getUser() {
  return MockUnifiedRepository.root().getName();
}
/**
 * Two ACEs are equal when they are of exactly the same class and both their {@code permissions}
 * and their {@code recipient} are equal (two nulls count as equal).
 *
 * @param obj object to compare with
 * @return {@code true} if {@code obj} is an equal ACE
 */
@Override
public boolean equals( Object obj ) {
  if ( this == obj ) {
    return true;
  }
  if ( obj == null || getClass() != obj.getClass() ) {
    return false;
  }
  final RepositoryFileAce that = (RepositoryFileAce) obj;

  final boolean samePermissions =
      permissions == null ? that.permissions == null : permissions.equals( that.permissions );
  if ( !samePermissions ) {
    return false;
  }
  return recipient == null ? that.recipient == null : recipient.equals( that.recipient );
}
/**
 * Computes a hash over {@code permissions} and {@code recipient}, in that order, using the usual
 * multiply-by-31 accumulation. A null field contributes 0.
 *
 * @return hash code derived from the two fields above
 */
@Override
public int hashCode() {
  final int permissionsHash = permissions != null ? permissions.hashCode() : 0;
  final int recipientHash = recipient != null ? recipient.hashCode() : 0;
  // Same value as starting at 1 and folding each field in with "31 * result + fieldHash".
  return 31 * ( 31 + permissionsHash ) + recipientHash;
}
/**
 * Creates a {@code Builder} where the {@code owner} is a {@code RepositoryFileSid.Type.USER}.
 *
 * <p>The name is wrapped in a sid through the single-argument {@code RepositoryFileSid}
 * constructor and passed to the sid-based constructor of this builder.
 *
 * @param owner name of the user who owns the ACL being built
 */
public Builder( final String owner ) {
  this( new RepositoryFileSid( owner ) );
}
/**
 * Appends one ACE for {@code recipient} to the ACL of the file identified by {@code id} and
 * saves the ACL.
 *
 * <p>The call is refused with an access-denied {@code RuntimeException} when kiosk mode is
 * enabled. If no tenant can be derived from the recipient's name, the name is replaced with its
 * tenanted form, using the user helpers for USER sids and the role helpers for every other sid type.
 *
 * @param id         id of the file whose ACL is changed; must not be null
 * @param recipient  sid that receives the permissions; must not be null
 * @param permission permissions granted by the new ACE; must not be null
 * @throws RuntimeException if kiosk mode is enabled
 */
public void addAce( final Serializable id, final RepositoryFileSid recipient,
    final EnumSet<RepositoryFilePermission> permission ) {
  // Refuse the change outright when kiosk mode is enabled, before any ACL is read.
  if ( isKioskEnabled() ) {
    throw new RuntimeException(
        Messages.getInstance().getString( "JcrRepositoryFileDao.ERROR_0006_ACCESS_DENIED" ) ); //$NON-NLS-1$
  }
  Assert.notNull( id );
  Assert.notNull( recipient );
  Assert.notNull( permission );

  final RepositoryFileAcl currentAcl = getAcl( id );
  Assert.notNull( currentAcl );

  // TODO mlowery find an ACE with the recipient and update that rather than adding a new ACE
  final boolean userSid = recipient.getType().equals( Type.USER );
  final boolean lacksTenant = userSid
      ? JcrTenantUtils.getUserNameUtils().getTenant( recipient.getName() ) == null
      : JcrTenantUtils.getRoleNameUtils().getTenant( recipient.getName() ) == null;

  RepositoryFileSid effectiveRecipient = recipient;
  if ( lacksTenant ) {
    effectiveRecipient = userSid
        ? new RepositoryFileSid( JcrTenantUtils.getTenantedUser( recipient.getName() ), recipient.getType() )
        : new RepositoryFileSid( JcrTenantUtils.getTenantedRole( recipient.getName() ), recipient.getType() );
  }

  updateAcl( new RepositoryFileAcl.Builder( currentAcl ).ace( effectiveRecipient, permission ).build() );
  // The log line records the sid as passed in, not the tenanted sid that was stored.
  logger.debug( "added ace: id=" + id + ", sid=" + recipient + ", permission=" + permission ); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
}
/**
 * Converts a {@code RepositoryFileAcl} into its DTO form.
 *
 * <p>The id is stored as its string form (or null), the owner as name plus the ordinal of its
 * sid type ({@code -1} when the type is null), and the ACEs together with the inheritance flag.
 * When the ACL has no owner, the DTO's owner fields are not set at all.
 *
 * <p>Because the owner type travels as {@code ordinal()}, the numeric value depends on the
 * declaration order of the sid type enum; the reader of the DTO has to use the same order.
 *
 * @param v ACL to convert
 * @return DTO populated from {@code v}
 */
@Override
public RepositoryFileAclDto marshal( final RepositoryFileAcl v ) {
  final RepositoryFileAclDto dto = new RepositoryFileAclDto();

  final Serializable aclId = v.getId();
  final String idText = aclId == null ? null : aclId.toString();
  dto.setId( idText );

  final RepositoryFileSid ownerSid = v.getOwner();
  if ( ownerSid != null ) {
    dto.setOwner( ownerSid.getName() );
    int ownerTypeCode = -1;
    if ( ownerSid.getType() != null ) {
      ownerTypeCode = ownerSid.getType().ordinal();
    }
    dto.setOwnerType( ownerTypeCode );
  }

  dto.setAces( toAcesDto( v.getAces() ), v.isEntriesInheriting() );
  return dto;
}
/**
 * Builds the mock repository and the services under test, then seeds the folder structure.
 *
 * <p>Seeding runs with the security context set to the mock repository's root name. The first
 * folder is created under {@code /etc} with an ACL owned by root that grants READ and WRITE to
 * the "everyone" sid; the second is created under {@code /etc/pdi} without an ACL argument.
 * The context is then switched to {@code EXP_LOGIN} for the tests. Both authentication tokens
 * carry null credentials and an empty authority list.
 *
 * @throws Exception declared by this method's signature
 */
public void setUp() throws Exception {
  IUnifiedRepository repository =
      new MockUnifiedRepository( new MockUnifiedRepository.SpringSecurityCurrentUserProvider() );
  datasourceMgmtService = new JcrBackedDatasourceMgmtService( repository, new DatabaseDialectService() );
  datasourceMgmtWebService = new DefaultDatasourceMgmtWebService( datasourceMgmtService );
  dbConnectionAdapter = new DatabaseConnectionAdapter();

  // Act as the repository root while the fixture folders are created.
  UsernamePasswordAuthenticationToken rootAuth = new UsernamePasswordAuthenticationToken(
      MockUnifiedRepository.root().getName(), null, new ArrayList<GrantedAuthority>() );
  SecurityContextHolder.getContext().setAuthentication( rootAuth );

  RepositoryFile pdiFolder = new RepositoryFile.Builder( FOLDER_PDI ).folder( true ).build();
  // Fixture ACL: owned by root, READ and WRITE for everyone.
  RepositoryFileAcl pdiFolderAcl = new RepositoryFileAcl.Builder( MockUnifiedRepository.root() )
      .ace( MockUnifiedRepository.everyone(), READ, WRITE ).build();
  repository.createFolder( repository.getFile( "/etc" ).getId(), pdiFolder, pdiFolderAcl, null );

  RepositoryFile databasesFolder = new RepositoryFile.Builder( FOLDER_DATABASES ).folder( true ).build();
  repository.createFolder( repository.getFile( "/etc/pdi" ).getId(), databasesFolder, null );

  // Switch to the test login for everything that runs after setup.
  UsernamePasswordAuthenticationToken testAuth =
      new UsernamePasswordAuthenticationToken( EXP_LOGIN, null, new ArrayList<GrantedAuthority>() );
  SecurityContextHolder.getContext().setAuthentication( testAuth );

  KettleClientEnvironment.init();
}
/**
 * Creates a {@code Builder} for the ACL with the given id whose owner is a sid built from
 * {@code name} and {@code type}.
 *
 * @param id   id passed on to the id-and-sid constructor of this builder
 * @param name name of the owner
 * @param type sid type of the owner
 */
public Builder( final Serializable id, final String name, final RepositoryFileSid.Type type ) {
  this( id, new RepositoryFileSid( name, type ) );
}
/**
 * Converts a single ACE into its DTO form: recipient name, recipient type as the ordinal of the
 * sid type, and the permissions as converted by {@code toIntPerms}.
 *
 * <p>Because the recipient type travels as {@code ordinal()}, the numeric value depends on the
 * declaration order of the sid type enum; the reader of the DTO has to use the same order.
 * There is no null check on the sid or its type, so a null in either place throws here.
 *
 * @param v ACE to convert
 * @return DTO populated from {@code v}
 */
public static RepositoryFileAclAceDto toAceDto( RepositoryFileAce v ) {
  final RepositoryFileAclAceDto dto = new RepositoryFileAclAceDto();
  final RepositoryFileSid recipientSid = v.getSid();

  dto.setRecipient( recipientSid.getName() );
  final int recipientTypeCode = recipientSid.getType().ordinal();
  dto.setRecipientType( recipientTypeCode );
  dto.setPermissions( toIntPerms( v.getPermissions() ) );
  return dto;
}
/**
 * Builds the mock repository, the services and the adapter under test, then seeds the folder
 * structure.
 *
 * <p>Seeding runs with the security context set to the mock repository's root name. The first
 * folder is created under {@code /etc} with an ACL owned by root that grants READ and WRITE to
 * the "everyone" sid; the second is created under {@code /etc/pdi} without an ACL argument.
 * The context is then switched to {@code EXP_LOGIN} for the tests. Both authentication tokens
 * carry null credentials and an empty authority list.
 *
 * @throws Exception declared by this method's signature
 */
@Override
protected void setUp() throws Exception {
  IUnifiedRepository repository =
      new MockUnifiedRepository( new MockUnifiedRepository.SpringSecurityCurrentUserProvider() );
  datasourceMgmtService = new JcrBackedDatasourceMgmtService( repository, new DatabaseDialectService() );
  datasourceMgmtWS = new DefaultDatasourceMgmtWebService( datasourceMgmtService );
  adapter = new DatasourceMgmtToWebServiceAdapter( datasourceMgmtWS );

  // Act as the repository root while the fixture folders are created.
  UsernamePasswordAuthenticationToken rootAuth = new UsernamePasswordAuthenticationToken(
      MockUnifiedRepository.root().getName(), null, new ArrayList<GrantedAuthority>() );
  SecurityContextHolder.getContext().setAuthentication( rootAuth );

  RepositoryFile pdiFolder = new RepositoryFile.Builder( FOLDER_PDI ).folder( true ).build();
  // Fixture ACL: owned by root, READ and WRITE for everyone.
  RepositoryFileAcl pdiFolderAcl = new RepositoryFileAcl.Builder( MockUnifiedRepository.root() )
      .ace( MockUnifiedRepository.everyone(), READ, WRITE ).build();
  repository.createFolder( repository.getFile( "/etc" ).getId(), pdiFolder, pdiFolderAcl, null );

  RepositoryFile databasesFolder = new RepositoryFile.Builder( FOLDER_DATABASES ).folder( true ).build();
  repository.createFolder( repository.getFile( "/etc/pdi" ).getId(), databasesFolder, null );

  // Switch to the test login for everything that runs after setup.
  UsernamePasswordAuthenticationToken testAuth =
      new UsernamePasswordAuthenticationToken( EXP_LOGIN, null, new ArrayList<GrantedAuthority>() );
  SecurityContextHolder.getContext().setAuthentication( testAuth );

  KettleClientEnvironment.init();
}