/**
 * Decides whether the principal behind {@code authentication} holds {@code permission} on the
 * object identified by {@code oid}.
 *
 * <p>The result is deny-by-default: {@code true} is returned only when the loaded ACL reports
 * the resolved permission as granted for the principal's SIDs. An ACL that does not grant it,
 * or a {@code NotFoundException} raised inside the lookup, both end in {@code false}.
 *
 * @param authentication the caller whose SIDs are evaluated
 * @param oid identity of the protected object
 * @param permission permission expression, converted by {@code resolvePermission}
 * @return {@code true} only when the ACL grants the permission; {@code false} otherwise
 */
private boolean checkPermission(Authentication authentication, ObjectIdentity oid, Object permission) {
    // SIDs that apply to the calling principal.
    List<Sid> principalSids = sidRetrievalStrategy.getSids(authentication);
    List<Permission> required = resolvePermission(permission);

    final boolean debugEnabled = logger.isDebugEnabled();
    if (debugEnabled) {
        // The requested permission and the object identity are both written to the debug log.
        logger.debug("Checking permission '" + permission + "' for object '" + oid + "'");
    }

    boolean granted = false;
    try {
        // The lookup is restricted to the SIDs of this principal.
        Acl acl = aclService.readAclById(oid, principalSids);
        granted = acl.isGranted(required, principalSids, false);

        if (debugEnabled) {
            if (granted) {
                logger.debug("Access is granted");
            } else {
                logger.debug("Returning false - ACLs returned, but insufficient permissions for this principal");
            }
        }
    } catch (NotFoundException nfe) {
        // A failed lookup is treated as "no access", never as an error for the caller.
        if (debugEnabled) {
            logger.debug("Returning false - no ACLs apply for this principal");
        }
    }

    return granted;
}
boolean administrativeMode) throws NotFoundException { final List<AccessControlEntry> aces = acl.getEntries(); if (acl.isEntriesInheriting() && (acl.getParentAcl() != null)) { return acl.getParentAcl().isGranted(permission, sids, false);
/**
 * Renders this ACL as one diagnostic string: id, object identity, owner, every ACE on its own
 * line (or {@code "no ACEs; "} when there are none), the inheritance flag, the parent's object
 * identity, and the two strategy objects.
 *
 * <p>The text contains the owner and all access control entries, so it discloses the full ACL
 * contents to whatever log or message it ends up in.
 */
@Override
public String toString() {
    StringBuilder text = new StringBuilder("AclImpl[");
    text.append("id: ").append(this.id).append("; ");
    text.append("objectIdentity: ").append(this.objectIdentity).append("; ");
    text.append("owner: ").append(this.owner).append("; ");

    // A newline precedes the first ACE only; each ACE is then terminated by a newline.
    boolean anyAce = false;
    for (AccessControlEntry ace : aces) {
        if (!anyAce) {
            text.append("\n");
            anyAce = true;
        }
        text.append(ace).append("\n");
    }
    if (!anyAce) {
        text.append("no ACEs; ");
    }

    text.append("inheriting: ").append(this.entriesInheriting).append("; ");

    text.append("parent: ");
    if (this.parentAcl == null) {
        text.append("Null");
    } else {
        // Only the parent's object identity is printed, not the parent ACL itself.
        text.append(this.parentAcl.getObjectIdentity().toString());
    }
    text.append("; ");

    text.append("aclAuthorizationStrategy: ").append(this.aclAuthorizationStrategy).append("; ");
    text.append("permissionGrantingStrategy: ").append(this.permissionGrantingStrategy);
    text.append("]");
    return text.toString();
}
/**
 * Flattens an ACL and all of its ancestors into a list of {@code AccessEntryResponse} objects.
 *
 * <p>The walk starts at {@code acl} and follows {@code getParentAcl()} until it returns
 * {@code null}; a {@code null} argument therefore yields an empty list. Both granting and
 * non-granting entries are copied.
 *
 * <p>NOTE(review): ancestor entries are included without consulting
 * {@code isEntriesInheriting()}, so the list can show entries that do not take effect on the
 * child. Confirm callers treat this as a listing and not as an effective-permission view.
 *
 * @param acl the ACL to start from, may be {@code null}
 * @return a {@code List<AccessEntryResponse>} (declared as {@code Object}), child entries first
 */
public Object generateAllAceResponses(Acl acl) {
    List<AccessEntryResponse> responses = new ArrayList<>();
    for (Acl current = acl; current != null; current = current.getParentAcl()) {
        for (AccessControlEntry entry : current.getEntries()) {
            AccessEntryResponse response = new AccessEntryResponse(
                    entry.getId(), entry.getSid(), entry.getPermission(), entry.isGranting());
            responses.add(response);
        }
    }
    return responses;
}
if (acl.isSidLoaded(sids)) { result.put(acl.getObjectIdentity(), acl); aclFound = true;
/**
 * Copies the state of an existing {@code Acl} into this builder.
 *
 * <p>The id is taken only when the source is a {@code MutableAcl}; it is cast to {@code Long},
 * so a source whose id has another type fails with {@code ClassCastException}. Entries are
 * converted one by one through {@code AceDataImpl.builder()}, and a non-null parent ACL is
 * converted through {@code AclDataImpl.builder().from(...)}, which repeats the copy for each
 * ancestor.
 *
 * @param aclData the ACL to copy from
 * @return this builder
 */
public Builder from(Acl aclData) {
    if (aclData instanceof MutableAcl) {
        MutableAcl mutable = (MutableAcl) aclData;
        this.setId((Long) mutable.getId());
    }

    final List<AccessControlEntry> sourceEntries = aclData.getEntries();
    if (sourceEntries != null) {
        // A null entry list leaves the builder's entries untouched.
        final List<AceData> copied = new ArrayList<>(sourceEntries.size());
        for (AccessControlEntry entry : sourceEntries) {
            copied.add(AceDataImpl.builder().from(entry).build());
        }
        this.setEntries(copied);
    }

    this.setObjectIdentity(aclData.getObjectIdentity());
    this.setOwner(aclData.getOwner());

    final Acl parent = aclData.getParentAcl();
    if (parent != null) {
        this.setParentAclData(AclDataImpl.builder().from(parent).build());
    }

    this.setEntriesInheriting(aclData.isEntriesInheriting());
    return this;
}
Assert.notNull(userDetailsService, "userDetailsService is null"); final Sid ownerSid = acl.getOwner(); final String ownerTenantId = getTenantFromSid(ownerSid); if(ownerTenantId == MultiTenancySupport.NO_TENANT) { throw new RuntimeException("Can not retrieve tenant from acl owner: acl.objectIdentity=" + acl.getObjectIdentity().getIdentifier()); final List<AccessControlEntry> aces = acl.getEntries(); pgc.setHasAces(!aces.isEmpty());
/**
 * Collects the SID of every access control entry on the ACL of the named project.
 *
 * <p>The SIDs are returned in entry order, without de-duplication and without looking at
 * {@code isGranting()}, so a SID that only appears in a denying entry is still listed.
 *
 * <p>NOTE(review): the project instance is dereferenced without a null check. If
 * {@code getProject} can return {@code null} for an unknown name, this throws
 * {@code NullPointerException} - confirm against the project manager.
 *
 * @param project name of the project whose ACL is read
 * @return the SIDs found; empty when there is no ACL or it has no entry list
 */
private List<Sid> getAllSids(String project) {
    ProjectInstance prj = projectService.getProjectManager().getProject(project);
    AclEntity ae = accessService.getAclEntity("ProjectInstance", prj.getUuid());
    Acl acl = accessService.getAcl(ae);

    List<Sid> sids = new ArrayList<>();
    if (acl == null || acl.getEntries() == null) {
        return sids;
    }
    for (AccessControlEntry entry : acl.getEntries()) {
        sids.add(entry.getSid());
    }
    return sids;
}
assertThat(childAcl.getParentAcl().getObjectIdentity()).isEqualTo(getMiddleParentOid());
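/**
 * Lists the names of the SIDs on an ACL that match the requested kind.
 *
 * <p>For {@code MetadataConstants.TYPE_USER} the principal of each {@code PrincipalSid} is
 * returned; for {@code MetadataConstants.TYPE_GROUP} the authority of each
 * {@code GrantedAuthoritySid}. The comparison ignores case. Blank names are skipped. Entries
 * are not filtered on {@code isGranting()}, and names are not de-duplicated.
 *
 * <p>A {@code null} or unrecognised {@code type} matches nothing and gives an empty list.
 * Previously a {@code null} type threw {@code NullPointerException}, but only when the ACL
 * had at least one entry.
 *
 * @param acl the ACL to inspect, may be {@code null}
 * @param type the SID kind to select, compared case-insensitively
 * @return the matching names in entry order; empty when {@code acl} is {@code null}
 */
public List<String> getAllAclSids(Acl acl, String type) {
    if (null == acl) {
        return Collections.emptyList();
    }

    // The kind does not change per entry, so it is decided once. Constant-first comparison
    // keeps a null type from throwing.
    final boolean wantUsers = MetadataConstants.TYPE_USER.equalsIgnoreCase(type);
    final boolean wantGroups = MetadataConstants.TYPE_GROUP.equalsIgnoreCase(type);

    List<String> result = new ArrayList<>();
    for (AccessControlEntry ace : acl.getEntries()) {
        String name = null;
        if (wantUsers && ace.getSid() instanceof PrincipalSid) {
            name = ((PrincipalSid) ace.getSid()).getPrincipal();
        }
        if (wantGroups && ace.getSid() instanceof GrantedAuthoritySid) {
            name = ((GrantedAuthoritySid) ace.getSid()).getGrantedAuthority();
        }
        if (!StringUtils.isBlank(name)) {
            result.add(name);
        }
    }
    return result;
}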
if (acl.isSidLoaded(sids)) { result.put(acl.getObjectIdentity(), acl); aclFound = true;
/**
 * Checks whether the principal holds {@code requirePermission} on {@code domainObject}.
 *
 * <p>The object identity and the principal's SIDs are resolved through the configured
 * strategies, and the ACL is then asked for the decision. A {@code NotFoundException} from the
 * lookup or from the ACL evaluation is answered with {@code false}, so a missing ACL denies
 * access.
 *
 * @param authentication the caller whose SIDs are evaluated
 * @param domainObject the protected object
 * @return {@code true} only when the ACL grants the required permission
 */
protected boolean hasPermission(Authentication authentication, Object domainObject) {
    // Identity of the domain object as known to the ACL service.
    ObjectIdentity oid = objectIdentityRetrievalStrategy.getObjectIdentity(domainObject);

    // SIDs that apply to the calling principal.
    List<Sid> principalSids = sidRetrievalStrategy.getSids(authentication);

    boolean granted;
    try {
        // The lookup is restricted to the SIDs of this principal.
        Acl acl = aclService.readAclById(oid, principalSids);
        granted = acl.isGranted(requirePermission, principalSids, false);
    } catch (NotFoundException ignore) {
        // No applicable ACL: deny.
        granted = false;
    }
    return granted;
}
public boolean isGranted( Acl acl, List<Permission> permission, List<Sid> sids, boolean administrativeMode) { final List<AccessControlEntry> aces = acl.getEntries(); if (acl.isEntriesInheriting() && (acl.getParentAcl() != null)) { return acl.getParentAcl().isGranted(permission, sids, false); } else {
resultMap.put(result.getObjectIdentity(), result);
/**
 * Builds the {@code AccessEntryResponse} list for the entries of one ACL, optionally keeping
 * only the entries whose SID name passes {@code needAdd} for {@code nameSeg}.
 *
 * <p>Only the given ACL's own entries are read; parent ACLs are not visited. A {@code null}
 * {@code nameSeg} turns the filter off and every entry is returned. Both granting and
 * non-granting entries are included.
 *
 * @param acl the ACL to read, may be {@code null}
 * @param nameSeg name fragment to match, or {@code null} for no filtering
 * @param isCaseSensitive passed through to {@code needAdd}
 * @return the selected entries in ACL order; empty when {@code acl} is {@code null}
 */
public List<AccessEntryResponse> generateAceResponsesByFuzzMatching(Acl acl, String nameSeg,
        boolean isCaseSensitive) {
    if (acl == null) {
        return Collections.emptyList();
    }

    List<AccessEntryResponse> matches = new ArrayList<AccessEntryResponse>();
    for (AccessControlEntry entry : acl.getEntries()) {
        // The name is resolved and matched only when a fragment was supplied.
        boolean include = nameSeg == null
                || needAdd(nameSeg, isCaseSensitive, getName(entry.getSid()));
        if (include) {
            matches.add(new AccessEntryResponse(
                    entry.getId(), entry.getSid(), entry.getPermission(), entry.isGranting()));
        }
    }
    return matches;
}
if (acl.isGranted(requirePermission, sids, false)) { if (logger.isDebugEnabled()) { logger.debug("Voting to grant access");
boolean administrativeMode) throws NotFoundException { final List<AccessControlEntry> aces = acl.getEntries(); if (acl.isEntriesInheriting() && (acl.getParentAcl() != null)) { return acl.getParentAcl().isGranted(permission, sids, false);
/**
 * Loading a child ACL must also return its chain of parents, and must not return an object
 * identity that is not part of that chain.
 */
@Test
public void testAllParentsAreRetrievedWhenChildIsLoaded() throws Exception {
    // Extra object identity row (identifier 103, PARENT_OBJECT 1) that the lookup of the
    // child is expected to leave out.
    String insertSecondMiddleParent = "INSERT INTO acl_object_identity(ID,OBJECT_ID_CLASS,OBJECT_ID_IDENTITY,PARENT_OBJECT,OWNER_SID,ENTRIES_INHERITING) VALUES (6,2,103,1,1,1);";
    getJdbcTemplate().execute(insertSecondMiddleParent);

    ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(100));
    ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(101));
    ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(102));
    ObjectIdentity middleParent2Oid = new ObjectIdentityImpl(TARGET_CLASS, Long.valueOf(103));

    // Only the child is requested; null is passed as the SID list.
    Map<ObjectIdentity, Acl> loaded = this.strategy.readAclsById(Arrays.asList(childOid), null);

    // The child and each of its ancestors must be present under their own identity.
    Acl childAcl = loaded.get(childOid);
    assertThat(childAcl).isNotNull();
    assertThat(childAcl.getObjectIdentity()).isEqualTo(childOid);

    Acl middleParentAcl = loaded.get(middleParentOid);
    assertThat(middleParentAcl).isNotNull();
    assertThat(middleParentAcl.getObjectIdentity()).isEqualTo(middleParentOid);

    Acl topParentAcl = loaded.get(topParentOid);
    assertThat(topParentAcl).isNotNull();
    assertThat(topParentAcl.getObjectIdentity()).isEqualTo(topParentOid);

    // The second middle parent must not be part of the result.
    assertThat(loaded.get(middleParent2Oid)).isNull();
}