/**
 * Classifies the given action as administrative or not.
 *
 * <p>An action is administrative only when it implies
 * {@code DatasourceAccessControl.CHANGE_PERMS}.
 *
 * @param action the action to classify
 * @return {@code true} if {@code action} implies the change-permissions action
 */
@Override
protected boolean isAdminAction(Action action) {
    final boolean impliesChangePerms = action.implies(DatasourceAccessControl.CHANGE_PERMS);
    return impliesChangePerms;
}
} // closes an enclosing scope that opens outside this excerpt
/**
 * Classifies the given action as administrative or not.
 *
 * <p>An action is administrative only when it implies
 * {@code CategoryAccessControl.CHANGE_PERMS}.
 *
 * @param action the action to classify
 * @return {@code true} if {@code action} implies the change-permissions action
 */
@Override
protected boolean isAdminAction(Action action) {
    final boolean impliesChangePerms = action.implies(CategoryAccessControl.CHANGE_PERMS);
    return impliesChangePerms;
}
} // closes an enclosing scope that opens outside this excerpt
/**
 * Classifies the given action as administrative or not.
 *
 * <p>An action is administrative only when it implies
 * {@code FeedAccessControl.CHANGE_PERMS}.
 *
 * @param action the action to classify
 * @return {@code true} if {@code action} implies the change-permissions action
 */
@Override
protected boolean isAdminAction(Action action) {
    final boolean impliesChangePerms = action.implies(FeedAccessControl.CHANGE_PERMS);
    return impliesChangePerms;
}
/**
 * Classifies the given action as administrative or not.
 *
 * <p>An action is administrative only when it implies
 * {@code DatasourceAccessControl.CHANGE_PERMS}.
 *
 * @param action the action to classify
 * @return {@code true} if {@code action} implies the change-permissions action
 */
@Override
protected boolean isAdminAction(Action action) {
    final boolean impliesChangePerms = action.implies(DatasourceAccessControl.CHANGE_PERMS);
    return impliesChangePerms;
}
/**
 * Classifies the given action as administrative or not.
 *
 * <p>An action is administrative only when it implies
 * {@code TemplateAccessControl.CHANGE_PERMS}.
 *
 * @param action the action to classify
 * @return {@code true} if {@code action} implies the change-permissions action
 */
@Override
protected boolean isAdminAction(Action action) {
    final boolean impliesChangePerms = action.implies(TemplateAccessControl.CHANGE_PERMS);
    return impliesChangePerms;
}
} // closes an enclosing scope that opens outside this excerpt
/**
 * Classifies the given action as administrative or not.
 *
 * <p>An action is administrative only when it implies
 * {@code ConnectorAccessControl.CHANGE_PERMS}.
 *
 * @param action the action to classify
 * @return {@code true} if {@code action} implies the change-permissions action
 */
@Override
protected boolean isAdminAction(Action action) {
    final boolean impliesChangePerms = action.implies(ConnectorAccessControl.CHANGE_PERMS);
    return impliesChangePerms;
}
/**
 * Classifies the given action as administrative or not.
 *
 * <p>An action is administrative only when it implies
 * {@code ProjectAccessControl.CHANGE_PERMS}.
 *
 * @param action the action to classify
 * @return {@code true} if {@code action} implies the change-permissions action
 */
@Override
protected boolean isAdminAction(Action action) {
    final boolean impliesChangePerms = action.implies(ProjectAccessControl.CHANGE_PERMS);
    return impliesChangePerms;
}
/**
 * Translates the allowed actions into JCR privilege names and applies them to the project node.
 *
 * <p>Each action contributes the privileges of the first rule it matches, tested in this order:
 * <ol>
 *   <li>implies {@code CHANGE_PERMS}: {@code JCR_READ_ACCESS_CONTROL} and
 *       {@code JCR_MODIFY_ACCESS_CONTROL}</li>
 *   <li>implies {@code EDIT_PROJECT}: {@code JCR_ALL}</li>
 *   <li>implies {@code ACCESS_PROJECT}: {@code JCR_READ}</li>
 * </ol>
 * The union over all actions is handed to {@code JcrAccessControlUtil.setPermissions} in one call.
 *
 * <p>NOTE(review): in the JCR privilege model {@code jcr:all} aggregates every privilege,
 * including the two access-control ones. If {@code Privilege.JCR_ALL} is that constant, an
 * edit-only principal holds ACL-modify rights at repository level; confirm that a higher layer
 * restricts permission changes to {@code CHANGE_PERMS} holders, or narrow the edit grant.
 *
 * <p>NOTE(review): when no action matches, an empty set is passed on; confirm that
 * {@code setPermissions} then clears earlier grants for the principal instead of keeping them.
 *
 * @param principal the principal whose privileges on the project node are being set
 * @param actions   the actions the principal is allowed to perform
 */
protected void updateEntityAccess(Principal principal, Set<? extends Action> actions) {
    final Set<String> granted = new HashSet<>();

    for (Action requested : actions) {
        if (requested.implies(ProjectAccessControl.CHANGE_PERMS)) {
            // A principal allowed to change permissions needs write access to the
            // allowed-actions tree in order to grant additional access.
            granted.add(Privilege.JCR_READ_ACCESS_CONTROL);
            granted.add(Privilege.JCR_MODIFY_ACCESS_CONTROL);
            continue;
        }
        if (requested.implies(ProjectAccessControl.EDIT_PROJECT)) {
            granted.add(Privilege.JCR_ALL);
            continue;
        }
        if (requested.implies(ProjectAccessControl.ACCESS_PROJECT)) {
            granted.add(javax.jcr.security.Privilege.JCR_READ);
        }
    }

    JcrAccessControlUtil.setPermissions(this.project.getNode(), principal, granted);
}
/**
 * Translates the allowed actions into JCR privilege names and applies them to the template node.
 *
 * <p>Each action contributes the privileges of the first rule it matches, tested in this order:
 * <ol>
 *   <li>implies {@code CHANGE_PERMS}: {@code JCR_READ_ACCESS_CONTROL} and
 *       {@code JCR_MODIFY_ACCESS_CONTROL}</li>
 *   <li>implies {@code EDIT_TEMPLATE}: {@code JCR_ALL}</li>
 *   <li>implies {@code ACCESS_TEMPLATE}: {@code JCR_READ}</li>
 * </ol>
 * The union over all actions is handed to {@code JcrAccessControlUtil.setPermissions} in one call.
 *
 * <p>NOTE(review): in the JCR privilege model {@code jcr:all} aggregates every privilege,
 * including the two access-control ones. Presumably {@code Privilege.JCR_ALL} is that constant,
 * in which case an edit-only principal holds ACL-modify rights at repository level; confirm
 * that a higher layer restricts permission changes to {@code CHANGE_PERMS} holders.
 *
 * <p>NOTE(review): when no action matches, an empty set is passed on; confirm that
 * {@code setPermissions} then clears earlier grants for the principal instead of keeping them.
 *
 * @param principal the principal whose privileges on the template node are being set
 * @param actions   the actions the principal is allowed to perform
 */
protected void updateEntityAccess(Principal principal, Set<? extends Action> actions) {
    final Set<String> granted = new HashSet<>();

    for (Action requested : actions) {
        if (requested.implies(TemplateAccessControl.CHANGE_PERMS)) {
            // A principal allowed to change permissions needs write access to the
            // allowed-actions tree in order to grant additional access.
            granted.add(Privilege.JCR_READ_ACCESS_CONTROL);
            granted.add(Privilege.JCR_MODIFY_ACCESS_CONTROL);
            continue;
        }
        if (requested.implies(TemplateAccessControl.EDIT_TEMPLATE)) {
            granted.add(Privilege.JCR_ALL);
            continue;
        }
        if (requested.implies(TemplateAccessControl.ACCESS_TEMPLATE)) {
            granted.add(Privilege.JCR_READ);
        }
    }

    JcrAccessControlUtil.setPermissions(this.template.getNode(), principal, granted);
}
if (action.implies(CategoryAccessControl.CHANGE_PERMS)) { Collections.addAll(detailPrivs, Privilege.JCR_READ_ACCESS_CONTROL, Privilege.JCR_MODIFY_ACCESS_CONTROL); Collections.addAll(summaryPrivs, Privilege.JCR_READ_ACCESS_CONTROL, Privilege.JCR_MODIFY_ACCESS_CONTROL); } else if (action.implies(CategoryAccessControl.EDIT_DETAILS)) { detailPrivs.add(Privilege.JCR_ALL); } else if (action.implies(CategoryAccessControl.EDIT_SUMMARY)) { summaryPrivs.add(Privilege.JCR_ALL); } else if (action.implies(CategoryAccessControl.CREATE_FEED)) { Privilege.JCR_MODIFY_ACCESS_CONTROL); Collections.addAll(summaryPrivs, Privilege.JCR_MODIFY_PROPERTIES); } else if (action.implies(CategoryAccessControl.ACCESS_DETAILS)) { detailPrivs.add(Privilege.JCR_READ); } else if (action.implies(CategoryAccessControl.ACCESS_CATEGORY)) { summaryPrivs.add(Privilege.JCR_READ);
/**
 * Enables the specified actions for the specified principal on the datasource.
 *
 * <p>Two privilege sets are built, one for the datasource (summary) node and one for its
 * details node. Each action contributes through the first rule it matches, tested in this order:
 * <ol>
 *   <li>implies {@code CHANGE_PERMS}: {@code JCR_READ_ACCESS_CONTROL} and
 *       {@code JCR_MODIFY_ACCESS_CONTROL} on both nodes</li>
 *   <li>implies {@code EDIT_DETAILS}: {@code JCR_ALL} on the details node</li>
 *   <li>implies {@code EDIT_SUMMARY}: {@code JCR_ALL} on the summary node</li>
 *   <li>implies {@code ACCESS_DETAILS}: {@code JCR_READ} on the details node</li>
 *   <li>implies {@code ACCESS_DATASOURCE}: {@code JCR_READ} on the summary node</li>
 * </ol>
 * The details set is applied only when {@code getDetails()} yields a value.
 *
 * <p>NOTE(review): in the JCR privilege model {@code jcr:all} aggregates every privilege,
 * including the two access-control ones. Presumably {@code Privilege.JCR_ALL} is that constant,
 * in which case either edit action carries ACL-modify rights on its node; confirm that a higher
 * layer restricts permission changes to {@code CHANGE_PERMS} holders.
 *
 * @param principal the subject
 * @param actions   the allowed actions
 */
protected void updateEntityAccess(@Nonnull final Principal principal, @Nonnull final Collection<? extends Action> actions) {
    final Set<String> forDetails = new HashSet<>();
    final Set<String> forSummary = new HashSet<>();

    for (Action requested : actions) {
        if (requested.implies(DatasourceAccessControl.CHANGE_PERMS)) {
            forDetails.add(Privilege.JCR_READ_ACCESS_CONTROL);
            forDetails.add(Privilege.JCR_MODIFY_ACCESS_CONTROL);
            forSummary.add(Privilege.JCR_READ_ACCESS_CONTROL);
            forSummary.add(Privilege.JCR_MODIFY_ACCESS_CONTROL);
            continue;
        }
        if (requested.implies(DatasourceAccessControl.EDIT_DETAILS)) {
            forDetails.add(Privilege.JCR_ALL);
            continue;
        }
        if (requested.implies(DatasourceAccessControl.EDIT_SUMMARY)) {
            forSummary.add(Privilege.JCR_ALL);
            continue;
        }
        if (requested.implies(DatasourceAccessControl.ACCESS_DETAILS)) {
            forDetails.add(Privilege.JCR_READ);
            continue;
        }
        if (requested.implies(DatasourceAccessControl.ACCESS_DATASOURCE)) {
            forSummary.add(Privilege.JCR_READ);
        }
    }

    // The summary node is always updated; the details node only if one exists.
    JcrAccessControlUtil.setPermissions(this.datasource.getNode(), principal, forSummary);
    this.datasource.getDetails().ifPresent(
        details -> JcrAccessControlUtil.setPermissions(details.getNode(), principal, forDetails));
}
/**
 * Translates the allowed actions into JCR privilege names and applies them to the connector
 * node and to its data-sources node.
 *
 * <p>Each action contributes the privileges of the first rule it matches, tested in this order:
 * <ol>
 *   <li>implies {@code CHANGE_PERMS}: {@code JCR_READ_ACCESS_CONTROL} and
 *       {@code JCR_MODIFY_ACCESS_CONTROL}</li>
 *   <li>implies {@code EDIT_CONNECTOR}: {@code JCR_ALL}</li>
 *   <li>implies {@code ACCESS_CONNECTOR}: {@code JCR_READ}</li>
 * </ol>
 * If the resulting set holds {@code JCR_READ} or {@code JCR_ALL}, the principal is given
 * {@code JCR_ALL} on the data-sources node; otherwise {@code JCR_ALL} is removed there.
 * The collected set is then applied to the connector node, and
 * {@code ensureDataSourceConnectorAccess()} runs last.
 *
 * <p>NOTE(review): read-only access to the connector is enough to receive {@code JCR_ALL} on
 * the data-sources node. In the JCR privilege model {@code jcr:all} includes the access-control
 * privileges, so if {@code Privilege.JCR_ALL} is that constant the grant is wider than creating
 * child nodes requires; confirm the scope is intended or narrow it.
 *
 * @param principal the principal whose privileges are being set
 * @param actions   the actions the principal is allowed to perform
 */
protected void updateEntityAccess(Principal principal, Set<? extends Action> actions) {
    final Set<String> granted = new HashSet<>();

    // Gather every JCR privilege implied by the requested actions.
    for (Action requested : actions) {
        if (requested.implies(ConnectorAccessControl.CHANGE_PERMS)) {
            granted.add(Privilege.JCR_READ_ACCESS_CONTROL);
            granted.add(Privilege.JCR_MODIFY_ACCESS_CONTROL);
            continue;
        }
        if (requested.implies(ConnectorAccessControl.EDIT_CONNECTOR)) {
            granted.add(Privilege.JCR_ALL);
            continue;
        }
        if (requested.implies(ConnectorAccessControl.ACCESS_CONNECTOR)) {
            granted.add(Privilege.JCR_READ);
        }
    }

    // Readers and editors of the connector may create entries under its data-sources node;
    // everyone else loses that grant.
    final boolean readsOrEditsConnector =
        granted.contains(Privilege.JCR_ALL) || granted.contains(Privilege.JCR_READ);
    if (readsOrEditsConnector) {
        JcrAccessControlUtil.setPermissions(this.connector.getDataSourcesNode(), principal, Privilege.JCR_ALL);
    } else {
        JcrAccessControlUtil.removePermissions(this.connector.getDataSourcesNode(), principal, Privilege.JCR_ALL);
    }

    JcrAccessControlUtil.setPermissions(this.connector.getNode(), principal, granted);

    // Child data sources are deliberately not refreshed here: calling
    // updateRolePermissions(principal) on each of them caused a recursive loop, so the
    // original author disabled that step pending a later revisit.
    ensureDataSourceConnectorAccess();
}
if (action.implies(DatasourceAccessControl.CHANGE_PERMS)) { Collections.addAll(detailPrivs, Privilege.JCR_READ_ACCESS_CONTROL, Privilege.JCR_MODIFY_ACCESS_CONTROL); Collections.addAll(summaryPrivs, Privilege.JCR_READ_ACCESS_CONTROL, Privilege.JCR_MODIFY_ACCESS_CONTROL); } else if (action.implies(DatasourceAccessControl.EDIT_DETAILS) || action.implies(DatasourceAccessControl.EDIT_SUMMARY)) { detailPrivs.add(Privilege.JCR_ALL); summaryPrivs.add(Privilege.JCR_ALL); } else if (action.implies(DatasourceAccessControl.ACCESS_DETAILS) || action.implies(DatasourceAccessControl.ACCESS_DATASOURCE)) { detailPrivs.add(Privilege.JCR_READ); summaryPrivs.add(Privilege.JCR_READ);
if (actions.stream().filter(action -> action.implies(FeedAccessControl.ACCESS_OPS)).findFirst().isPresent()) { this.feed.getOpsAccessProvider().ifPresent(provider -> provider.grantAccess(feed.getId(), principal)); } else { if (action.implies(FeedAccessControl.CHANGE_PERMS)) { Collections.addAll(summaryPrivs, Privilege.JCR_READ_ACCESS_CONTROL, Privilege.JCR_MODIFY_ACCESS_CONTROL); Collections.addAll(detailPrivs, Privilege.JCR_READ_ACCESS_CONTROL, Privilege.JCR_MODIFY_ACCESS_CONTROL); Collections.addAll(dataPrivs, Privilege.JCR_READ_ACCESS_CONTROL, Privilege.JCR_MODIFY_ACCESS_CONTROL); } else if (action.implies(FeedAccessControl.EDIT_DETAILS)) { summaryPrivs.add(Privilege.JCR_ALL); detailPrivs.add(Privilege.JCR_ALL); dataPrivs.add(Privilege.JCR_ALL); } else if (action.implies(FeedAccessControl.EDIT_SUMMARY)) { summaryPrivs.add(Privilege.JCR_ALL); } else if (action.implies(FeedAccessControl.ACCESS_DETAILS)) { detailPrivs.add(Privilege.JCR_READ); dataPrivs.add(Privilege.JCR_READ); } else if (action.implies(FeedAccessControl.ACCESS_FEED)) { summaryPrivs.add(Privilege.JCR_READ);