/**
 * Blocks permission inheritance on this ACL unless it is already blocked.
 * <p>
 * Ahead of the {@code ACE.BLOCK} marker, an entry giving {@code SecurityConstants.EVERYTHING} to
 * {@code username} and the entries returned by {@code getAdminEverythingACES()} are appended,
 * so those grants precede the block in the resulting list.
 *
 * @param username principal that receives the EVERYTHING entry and is recorded as its creator
 * @return {@code true} if the ACL was modified, {@code false} if {@code ACE.BLOCK} was already present
 */
@Override
public boolean blockInheritance(String username) {
    List<ACE> entries = Lists.newArrayList(getACEs());
    if (entries.contains(ACE.BLOCK)) {
        // Inheritance is already blocked: leave the ACL untouched.
        return false;
    }

    // The caller's own full-access entry goes in first, so it is positioned before the block marker.
    ACE callerGrant = ACE.builder(username, SecurityConstants.EVERYTHING).creator(username).build();
    entries.add(callerGrant);
    entries.addAll(getAdminEverythingACES());
    entries.add(ACE.BLOCK);

    setACEs(entries.toArray(new ACE[entries.size()]));
    return true;
}
builder.creator(parts[3]);
.creator(creator) .begin(begin) .end(end)
ACE ace = ACE.builder(username, permission) .isGranted(grant) .creator(creator) .begin(begin) .end(end)
// Adds an entry for targetPrincipal to the local ACL; the permission and the recorded creator
// are both read from the document's "docinfo:*" properties rather than passed in directly.
// NOTE(review): the creator stored on the ACE is whatever "docinfo:creator" holds, so it is only
// as trustworthy as that property -- confirm who is allowed to write it before treating the
// creator field as an audit trail.
acp.addACE(ACL.LOCAL_ACL, ACE.builder(targetPrincipal.getName(), (String) doc.getPropertyValue("docinfo:permission")) .creator((String) doc.getPropertyValue("docinfo:creator")) .contextData(contextData) .build());
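/**
 * Adds a permission entry to the named ACL of the given ACP, optionally blocking inheritance first.
 * <p>
 * The ACE is always submitted to {@code acp.addACE}, whether or not blocking inheritance changed
 * the ACP. The previous form, {@code acpChanged || acp.addACE(...)}, short-circuited and skipped
 * the grant whenever {@code blockInheritance} had just reported a change, leaving the document
 * with inheritance blocked but without the requested entry.
 *
 * @param acp The ACP to modify
 * @param aclName the name of the ACL to target
 * @param userName the name of the principal (user or group)
 * @param permission the permission of the ACE
 * @param blockInheritance should we block inheritance
 * @param currentPrincipalName the creator
 * @param begin the begin date of the ACE
 * @param end the end date of the ACE
 * @param contextData extra data attached to the ACE through the builder
 * @return true if something has changed on the document security
 * @since 7.4
 */
public static boolean addPermission(ACP acp, String aclName, String userName, String permission,
        boolean blockInheritance, String currentPrincipalName, Calendar begin, Calendar end,
        Map<String, Serializable> contextData) {
    // Block inheritance first (when requested) so the call order matches the original code.
    boolean inheritanceChanged = blockInheritance && acp.blockInheritance(aclName, currentPrincipalName);

    ACE ace = ACE.builder(userName, permission)
                 .creator(currentPrincipalName)
                 .begin(begin)
                 .end(end)
                 .contextData(contextData)
                 .build();

    // Evaluate addACE into its own variable: it must run even when inheritanceChanged is true.
    boolean aceAdded = acp.addACE(aclName, ace);

    return inheritanceChanged || aceAdded;
}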
/**
 * Rebuilds an ACP from a flat array of ACL rows.
 * <p>
 * A new ACL is started each time a row's name differs from the previous row's name, and the
 * finished ACL is added to the ACP at that point. Each row becomes one ACE whose principal is the
 * row's user, or its group when the user is {@code null}.
 *
 * @param acls the rows to convert
 * @return the ACP holding one ACL per run of equally named rows
 */
protected static ACP aclRowsToACP(ACLRow[] acls) {
    ACP result = new ACPImpl();
    ACL currentAcl = null;
    String currentName = null;

    for (ACLRow row : acls) {
        boolean sameAcl = row.name.equals(currentName);
        if (!sameAcl) {
            // Name changed: flush the ACL built so far and open a fresh one.
            if (currentAcl != null) {
                result.addACL(currentAcl);
            }
            currentName = row.name;
            currentAcl = new ACLImpl(currentName);
        }

        // XXX should prefix user/group
        String principal = row.user != null ? row.user : row.group;

        ACE entry = ACE.builder(principal, row.permission)
                       .isGranted(row.grant)
                       .creator(row.creator)
                       .begin(row.begin)
                       .end(row.end)
                       .build();
        currentAcl.add(entry);
    }

    // Flush the last ACL, if any row was seen.
    if (currentAcl != null) {
        result.addACL(currentAcl);
    }
    return result;
}
/**
 * Grants {@code permission} on the document to every entry of {@code users}, optionally blocking
 * inheritance first, and writes the ACP back only when something changed.
 * <p>
 * Every ACE is created with the current session principal as its creator and carries the notify
 * and comment values as context data.
 *
 * @param doc the document whose ACP is updated
 */
protected void addPermission(DocumentModel doc) {
    ACP acp;
    if (doc.getACP() == null) {
        acp = new ACPImpl();
    } else {
        acp = doc.getACP();
    }

    Map<String, Serializable> aceContext = new HashMap<>();
    aceContext.put(NOTIFY_KEY, notify);
    aceContext.put(COMMENT_KEY, comment);

    String creator = session.getPrincipal().getName();

    boolean changed = false;
    if (blockInheritance) {
        changed = acp.blockInheritance(aclName, creator);
    }

    for (String username : users) {
        ACE ace = ACE.builder(username, permission)
                     .creator(creator)
                     .begin(begin)
                     .end(end)
                     .contextData(aceContext)
                     .build();
        // addACE is called for every user, regardless of whether an earlier step already changed the ACP.
        if (acp.addACE(aclName, ace)) {
            changed = true;
        }
    }

    if (changed) {
        doc.setACP(acp, true);
    }
}
/**
 * Replaces, on each document, the ACL named {@code aclName} with a new ACL that gives
 * {@code permission} to every actor id, then saves the document.
 * <p>
 * Each ACE is created with {@code ACTOR_ACE_CREATOR} as its creator.
 */
@Override
public void run() {
    for (DocumentModel doc : docs) {
        ACP acp = doc.getACP();
        // Drop any existing ACL of that name before rebuilding it from the actor list.
        acp.removeACL(aclName);

        ACL actorAcl = new ACLImpl(aclName);
        for (String actorId : actorIds) {
            ACE grant = ACE.builder(actorId, permission).creator(ACTOR_ACE_CREATOR).build();
            actorAcl.add(grant);
        }

        // add first to get before blocks
        acp.addACL(0, actorAcl);
        doc.setACP(acp, true);
        session.saveDocument(doc);
    }
}
/**
 * Replaces the ACE identified by {@code id} in the named ACL of the document with a newly built
 * ACE for {@code user} and {@code permission}.
 * <p>
 * The new ACE records the current session principal as its creator and carries the notify and
 * comment values as context data.
 *
 * @param doc the document whose ACE is replaced
 */
protected void replacePermission(DocumentModel doc) {
    Map<String, Serializable> aceContext = new HashMap<>();
    aceContext.put(NOTIFY_KEY, notify);
    aceContext.put(COMMENT_KEY, comment);

    ACE previous = ACE.fromId(id);

    String creator = session.getPrincipal().getName();
    ACE replacement = ACE.builder(user, permission)
                         .creator(creator)
                         .begin(begin)
                         .end(end)
                         .contextData(aceContext)
                         .build();

    session.replaceACE(doc.getRef(), aclName, previous, replacement);
}