private void removePermissionForSid(Sid sid, ObjectIdentity objectIdentity) { MutableAcl acl = (MutableAcl) mutableAclService.readAclById(objectIdentity, singletonList(sid)); boolean aclUpdated = deleteAceIfExists(sid, acl); if (aclUpdated) { mutableAclService.updateAcl(acl); } }
/** * {@inheritDoc} */ public ExtendedMutableAcl getAclFor(ObjectIdentity oid) { try { return ExtendedMutableAcl.castAndCreate(mutableAclService.readAclById(oid)); } catch (NotFoundException nfe) { return ExtendedMutableAcl.castAndCreate(mutableAclService.createAcl(oid)); } }
private void deleteAcl(PluginIdentity pluginIdentity) { mutableAclService.deleteAcl(pluginIdentity, true); } }
acl = (MutableAcl) aclService.readAclById(identity); } catch (NotFoundException ex) { acl = aclService.createAcl(identity); if (parentAcl.getEntries() == null || parentAcl.getEntries().size() <= 0) { parentAcl.insertAce(0, permissionFactory.buildFromMask(authorityMask), sid, true); aclService.updateAcl(parentAcl); aclService.updateAcl(acl);
private MutableAcl getOrCreateParentAcl(ISecuredObject<?> securedParent, Sid sid, sk.seges.acris.security.shared.user_management.domain.Permission[] permissions, ObjectIdentity identity) { try { MutableAcl parentAcl = (MutableAcl) aclService.readAclById(identity); return parentAcl; } catch (NotFoundException e) { logger.info("No parent with aclId: " + identity.getIdentifier().toString() + " and class: " + identity.getClass().getName() + " not exist, it will be created! "); setAclRecords(securedParent, sid, permissions); return getOrCreateParentAcl(securedParent, sid, permissions, identity); } }
/** * Grant permissions from list to every sid in list on {@code target} object. * * @param sids list of sids * @param permissions list of permissions * @param target secured object */ public void grant(List<? extends Sid> sids, List<Permission> permissions, Entity target) { MutableAcl acl = aclUtil.grant(sids, permissions, target); mutableAclService.updateAcl(acl); }
private void createAcl(Plugin plugin) { try { mutableAclService.createAcl(new PluginIdentity(plugin.getId())); } catch (AlreadyExistsException e) { throw new EntityAlreadyExistsException(plugin, e); } }
/** * Deletes all ACEs defined in the acl_entry table, wired with the presented SID, also wires owner_sid of OID * belongs to SID to another SID, deletes given SID defined in acl_sid. * * @param sid to ACL delete * @param sidHeir will became the owner of ObjectIdentities belongs to sid */ public void deleteSid(Sid sid, Sid sidHeir){ mutableAclService.deleteEntriesForSid(sid, sidHeir); }
private Permissions getPermissions(Sid sid, List<ObjectIdentity> objectIdentities) { Map<ObjectIdentity, Acl> aclMap = mutableAclService.readAclsById(objectIdentities, singletonList(sid)); Set<String> ids = objectIdentities .stream() .map(ObjectIdentity::getIdentifier) .map(Object::toString) .collect(toSet()); return Permissions.create(ids, getPermissions(aclMap, sid)); }
@Override public boolean exists(ObjectIdentity objectIdentity, Sid sid) { MutableAcl acl = (MutableAcl) mutableAclService.readAclById(objectIdentity, singletonList(sid)); return acl.getEntries().stream().anyMatch(ace -> ace.getSid().equals(sid)); } }
/** * Revoke permissions from lists for every sid in list on {@code target} entity * * @param sids list of sids * @param permissions list of permissions * @param target secured object */ public void restrict(List<? extends Sid> sids, List<Permission> permissions, Entity target) { MutableAcl acl = aclUtil.restrict(sids, permissions, target); mutableAclService.updateAcl(acl); }
@PreAuthorize("hasAnyRole('ROLE_SU')") @Transactional @PostMapping("/update/entityclass/rls") @ResponseStatus(HttpStatus.OK) public void updateEntityClassRls(@Valid @RequestBody EntityTypeRlsRequest entityTypeRlsRequest) { String entityTypeId = entityTypeRlsRequest.getId(); if (systemEntityTypeRegistry.hasSystemEntityType(entityTypeId)) { throw new IllegalArgumentException("Updating system entity type not allowed"); } EntityType entityType = dataService.getEntityType(entityTypeId); String aclClassType = EntityIdentityUtils.toType(entityType); boolean hasAclClass = mutableAclClassService.hasAclClass(aclClassType); if (entityTypeRlsRequest.isRlsEnabled()) { if (!hasAclClass) { mutableAclClassService.createAclClass( aclClassType, EntityIdentityUtils.toIdType(entityType)); dataService .findAll(entityType.getId()) .forEach(entity -> mutableAclService.createAcl(new EntityIdentity(entity))); } } else { if (hasAclClass) { mutableAclClassService.deleteAclClass(aclClassType); } } }
private void createSidPermission( Sid sid, ObjectIdentity objectIdentity, org.springframework.security.acls.model.Permission permission) { MutableAcl acl = (MutableAcl) mutableAclService.readAclById(objectIdentity, singletonList(sid)); deleteAceIfExists(sid, acl); acl.insertAce(0, permission, sid, true); mutableAclService.updateAcl(acl); }
/** * {@inheritDoc} */ public ExtendedMutableAcl delete(List<? extends Sid> sids, List<Permission> permissions, Entity target) { ObjectIdentity oid = createIdentityFor(target); ExtendedMutableAcl acl = ExtendedMutableAcl.castAndCreate(mutableAclService.readAclById(oid)); deletePermissionsFromAcl(acl, sids, permissions); return acl; }
/** * Delete permissions from list for every sid in list on {@code target} object. * * @param sids list of sids * @param permissions list of permissions * @param target secured object */ public void delete(List<? extends Sid> sids, List<Permission> permissions, Entity target) { MutableAcl acl = aclUtil.delete(sids, permissions, target); mutableAclService.updateAcl(acl); }
/** * Delete object from acl. All permissions will be removed. * * @param clazz object {@code Class} * @param id object id */ public void deleteFromAcl(Class clazz, long id) { if (id <= 0) { throw new IllegalStateException("Object id must be greater then 0."); } ObjectIdentity oid = new ObjectIdentityImpl(clazz, id); mutableAclService.deleteAcl(oid, true); logger.debug("Deleted securedObject" + clazz.getSimpleName() + " with id:" + id); }
@Override public void grant(ObjectIdentity objectIdentity, PermissionSet permissionSet, Sid sid) { MutableAcl acl = (MutableAcl) mutableAclService.readAclById(objectIdentity); acl.insertAce(acl.getEntries().size(), permissionSet, sid, true); mutableAclService.updateAcl(acl); }
private void updateAces( Sid sid, IdBasedEntity entity, Boolean grantAction, AclPermission... aclPermissions ) { MutableAclService service = aclService; boolean shouldRevoke = grantAction == null; ObjectIdentity objectIdentity = objectIdentity( entity ); MutableAcl acl; try { acl = (MutableAcl) service.readAclById( objectIdentity ); } catch ( NotFoundException nfe ) { acl = aclService.createAcl( objectIdentity ); } for ( AclPermission aclPermission : aclPermissions ) { List<AccessControlEntry> aces = acl.getEntries(); int index = aces.size(); AccessControlEntry ace = findAce( aces, sid, aclPermission ); if ( ace != null && ( shouldRevoke || ace.isGranting() != grantAction ) ) { index = aces.indexOf( ace ); acl.deleteAce( index ); ace = null; } if ( ace == null && !shouldRevoke ) { acl.insertAce( index, aclPermission, sid, grantAction ); } } aclService.updateAcl( acl ); }
@Override @Transactional(propagation = Propagation.REQUIRES_NEW) public void removeAcl(ISecuredObject<?> securedObject) { ObjectIdentityImpl objectIdentity = new ObjectIdentityImpl(securedObject.getSecuredClass(), securedObject.getIdForACL()); aclCache.evictFromCache(objectIdentity); aclService.deleteAcl(objectIdentity, false); }
@Override public void giveUserWriteMetaPermissions(Collection<EntityType> entityTypes) { Sid sid = SidUtils.createSecurityContextSid(); runAsSystem( () -> entityTypes.forEach( entityType -> { MutableAcl acl = (MutableAcl) mutableAclService.readAclById(new EntityTypeIdentity(entityType)); acl.insertAce(acl.getEntries().size(), PermissionSet.WRITEMETA, sid, true); mutableAclService.updateAcl(acl); })); } }