/**
 * Returns a new {@code ACE} built from this entry's current field values.
 * <p>
 * NOTE(review): whether {@code contextData} is copied or shared between the two instances is
 * decided by the constructor, which is not visible here -- confirm before mutating it on either.
 *
 * @return a new ACE carrying the same user, permission, grant flag, creator, period and context data
 */
@Override
public Object clone() {
    ACE copy = new ACE(username, permission, isGranted, creator, begin, end, contextData);
    return copy;
}
/**
 * Creates the {@code ACE} described by the values currently held by this object.
 *
 * @return a new ACE built from username, permission, grant flag, creator, begin, end and context data
 */
public ACE build() {
    ACE built = new ACE(username, permission, isGranted, creator, begin, end, contextData);
    return built;
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Builds one grant entry per administrators group, each giving the {@code EVERYTHING} permission.
 * <p>
 * The group names come from the {@link AdministratorGroupsProvider} service, so the breadth of the
 * resulting grants is whatever that provider reports at call time.
 *
 * @return a new mutable list of grant ACEs, one per administrators group
 */
protected List<ACE> getAdminEverythingACES() {
    AdministratorGroupsProvider groupsProvider = Framework.getService(AdministratorGroupsProvider.class);
    List<ACE> adminEntries = new ArrayList<>();
    for (String groupName : groupsProvider.getAdministratorsGroups()) {
        ACE grantAll = new ACE(groupName, SecurityConstants.EVERYTHING, true);
        adminEntries.add(grantAll);
    }
    return adminEntries;
}
/**
 * Adds the grants and denials carried by {@code userEntries} to the ACL named {@code aclName}.
 * <p>
 * The ACL is created and registered when it does not exist yet. When it exists and
 * {@code overwrite} is set, every existing entry is dropped first, including entries for users
 * that are not mentioned in {@code userEntries} (see the XXX note below). For each user entry
 * the granted permissions are appended before the denied ones. The permission cache is cleared
 * at the end.
 *
 * @param aclName     name of the ACL to update or create
 * @param userEntries per-user granted and denied permissions to append
 * @param overwrite   whether an existing ACL is emptied before the new entries are added
 */
@Override
public void setRules(String aclName, UserEntry[] userEntries, boolean overwrite) {
    ACL target = getACL(aclName);
    if (target != null) {
        if (overwrite) {
            // :XXX: Should not overwrite entries not given as parameters here.
            target.clear();
        }
    } else {
        // create the local ACL
        target = new ACLImpl(aclName);
        addACL(target);
    }

    for (UserEntry userEntry : userEntries) {
        String principal = userEntry.getUserName();
        for (String granted : userEntry.getGrantedPermissions()) {
            target.add(new ACE(principal, granted, true));
        }
        for (String denied : userEntry.getDeniedPermissions()) {
            target.add(new ACE(principal, denied, false));
        }
    }

    // Cached results may no longer match the modified ACL.
    cache.clear();
}
/**
 * Builds the entry used to block permission inheritance: {@code EVERYTHING} denied to
 * {@code EVERYONE}.
 *
 * @return a new deny ACE for EVERYONE / EVERYTHING
 */
public static ACE getBlockInheritanceACe() {
    // false = deny entry
    final boolean granted = false;
    return new ACE(SecurityConstants.EVERYONE, SecurityConstants.EVERYTHING, granted);
}
/**
 * Builds the entry list: {@code EVERYTHING} granted to each administrators group,
 * {@code READ_WRITE} granted to the route managers group, then {@code EVERYTHING} denied to
 * {@code EVERYONE} as the last entry.
 * <p>
 * The deny entry is deliberately appended last; if entries are evaluated in list order, moving
 * it earlier would shadow the grants.
 *
 * @return a new mutable list of ACEs in the order described above
 */
protected List<ACE> getACEs() {
    List<ACE> entries = new ArrayList<ACE>();

    List<String> adminGroups = getUserManager().getAdministratorsGroups();
    for (String adminGroup : adminGroups) {
        entries.add(new ACE(adminGroup, SecurityConstants.EVERYTHING, true));
    }

    ACE routeManagersReadWrite =
            new ACE(DocumentRoutingConstants.ROUTE_MANAGERS_GROUP_NAME, SecurityConstants.READ_WRITE, true);
    entries.add(routeManagersReadWrite);

    ACE denyEveryone = new ACE(SecurityConstants.EVERYONE, SecurityConstants.EVERYTHING, false);
    entries.add(denyEveryone);

    return entries;
}
/**
 * Builds one ACE per master owner of the document, each carrying the master-owner permission.
 * <p>
 * The owner names are resolved by {@code MasterOwnerSecurityHelper.getMasterOwners}. The
 * two-argument {@code ACE} constructor is used, so the grant flag takes that constructor's
 * default -- presumably a grant; confirm against the ACE class.
 *
 * @param session  session used to resolve the master owners
 * @param document document whose master owners are looked up
 * @return a new mutable list of master-owner ACEs (empty when there is no master owner)
 */
public static List<ACE> getMasterOwnerACEs(CoreSession session, DocumentModel document) {
    List<String> ownerNames = MasterOwnerSecurityHelper.getMasterOwners(session, document);
    List<ACE> ownerEntries = new ArrayList<ACE>(0);
    for (String ownerName : ownerNames) {
        ownerEntries.add(new ACE(ownerName, ToutaticeNuxeoStudioConst.CST_PERM_MASTER_OWNER));
    }
    return ownerEntries;
}
/**
 * Returns one grant ACE per administrators group, each giving the {@code EVERYTHING} permission.
 * <p>
 * Group names are read from the {@link UserManager} service at call time.
 *
 * @return a new mutable list of grant ACEs, one per administrators group
 */
public static List<ACE> getAdminEverythingACEs() {
    UserManager userManager = Framework.getLocalService(UserManager.class);
    List<ACE> adminEntries = new ArrayList<>();
    for (String groupName : userManager.getAdministratorsGroups()) {
        ACE grantAll = new ACE(groupName, SecurityConstants.EVERYTHING, true);
        adminEntries.add(grantAll);
    }
    return adminEntries;
}
/**
 * Sets an ACP on the document that grants the {@code members} group the permissions to add
 * children, remove children and remove.
 * <p>
 * The ACP is applied with the third argument of {@code setACP} set to {@code true}
 * (presumably "overwrite", i.e. existing ACLs are replaced -- confirm). No deny entry is added.
 *
 * @param session       session used to write the ACP
 * @param documentModel document receiving the permissions
 */
protected void setFolderPermissions(CoreSession session, DocumentModel documentModel) {
    final String group = "members";
    ACP folderAcp = new ACPImpl();

    ACE[] grants = new ACE[] {
            new ACE(group, SecurityConstants.ADD_CHILDREN, true),
            new ACE(group, SecurityConstants.REMOVE_CHILDREN, true),
            new ACE(group, SecurityConstants.REMOVE, true) };

    ACL folderAcl = new ACLImpl();
    folderAcl.setACEs(grants);
    folderAcp.addACL(folderAcl);

    session.setACP(documentModel.getRef(), folderAcp, true);
}
/**
 * Sets an ACP on {@code doc} that grants {@code READ} to {@code EVERYONE} and
 * {@code EVERYTHING} to {@code userName}.
 * <p>
 * Note that the read grant targets {@code SecurityConstants.EVERYONE}, not a members group.
 * The ACP is applied with the second argument of {@code setACP} set to {@code true}
 * (presumably "overwrite" -- confirm).
 *
 * @param doc      document receiving the ACP
 * @param userName principal that receives the EVERYTHING grant
 * @throws ClientException declared by the signature; the throwing call is not identifiable from here
 */
protected void setFoldersACL(DocumentModel doc, String userName) throws ClientException {
    ACE grantEveryoneRead = new ACE(SecurityConstants.EVERYONE, SecurityConstants.READ, true);
    ACE grantUserEverything = new ACE(userName, SecurityConstants.EVERYTHING, true);

    ACL folderAcl = new ACLImpl();
    folderAcl.setACEs(new ACE[] { grantEveryoneRead, grantUserEverything });

    ACP folderAcp = new ACPImpl();
    folderAcp.addACL(folderAcl);
    doc.setACP(folderAcp, true);
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Sets an ACP on the document that grants {@code READ} to {@code EVERYONE} and {@code REMOVE}
 * to the {@code members} group.
 * <p>
 * The ACP is applied with the third argument of {@code setACP} set to {@code true}
 * (presumably "overwrite" -- confirm).
 *
 * @param session       session used to write the ACP
 * @param documentModel document receiving the permissions
 */
protected void setCommentPermissions(CoreSession session, DocumentModel documentModel) {
    ACE[] entries = new ACE[] {
            new ACE(SecurityConstants.EVERYONE, SecurityConstants.READ, true),
            new ACE("members", SecurityConstants.REMOVE, true) };

    ACL commentAcl = new ACLImpl();
    commentAcl.setACEs(entries);

    ACP commentAcp = new ACPImpl();
    commentAcp.addACL(commentAcl);

    session.setACP(documentModel.getRef(), commentAcp, true);
}
/**
 * Runs the parent population, then sets an ACP on the document at {@code ROOT} and creates
 * {@code SIZE} children under it.
 * <p>
 * The ACP grants {@code Everything} to {@code Administrator}, and {@code WriteProperties} and
 * {@code Read} to {@code USERNAME}. It is applied with the second argument of {@code setACP}
 * set to {@code false} (presumably "do not overwrite" -- confirm).
 *
 * @param session session used to fetch the root document and create the children
 */
@Override
public void populate(CoreSession session) {
    super.populate(session);

    DocumentModel rootDoc = session.getDocument(new PathRef(ROOT));

    ACL rootAcl = new ACLImpl();
    rootAcl.add(new ACE("Administrator", "Everything", true));
    rootAcl.add(new ACE(USERNAME, "WriteProperties", true));
    rootAcl.add(new ACE(USERNAME, "Read", true));

    ACP rootAcp = new ACPImpl();
    rootAcp.addACL(rootAcl);
    rootDoc.setACP(rootAcp, false);

    createChildren(session, rootDoc, SIZE);
}
/**
 * Sets an ACP on {@code favorites} that grants {@code EVERYTHING} to the session's principal
 * and denies {@code EVERYTHING} to {@code EVERYONE}.
 * <p>
 * The grant for the principal is listed before the deny for everyone; if entries are evaluated
 * in list order, reversing them would lock the owner out as well.
 *
 * @param session   session whose principal receives the grant
 * @param favorites document receiving the ACP
 * @return the same {@code favorites} document, with the ACP set
 * @since 10.3
 */
protected DocumentModel initCreateFavorites(CoreSession session, DocumentModel favorites) {
    String ownerName = session.getPrincipal().getName();
    ACE ownerGrant = new ACE(ownerName, SecurityConstants.EVERYTHING, true);
    ACE everyoneDeny = new ACE(SecurityConstants.EVERYONE, SecurityConstants.EVERYTHING, false);

    ACL favoritesAcl = new ACLImpl();
    favoritesAcl.setACEs(new ACE[] { ownerGrant, everyoneDeny });

    ACP favoritesAcp = new ACPImpl();
    favoritesAcp.addACL(favoritesAcl);
    favorites.setACP(favoritesAcp, true);
    return favorites;
}
/**
 * Sets an ACP on {@code collectionsRoot} that grants {@code EVERYTHING} to the session's
 * principal and denies {@code EVERYTHING} to {@code EVERYONE}.
 * <p>
 * The grant for the principal is listed before the deny for everyone; if entries are evaluated
 * in list order, reversing them would lock the owner out as well.
 *
 * @param session         session whose principal receives the grant
 * @param collectionsRoot document receiving the ACP
 * @return the same {@code collectionsRoot} document, with the ACP set
 * @since 10.3
 */
protected DocumentModel initDefaultCollectionsRoot(final CoreSession session, DocumentModel collectionsRoot) {
    String ownerName = session.getPrincipal().getName();
    ACE ownerGrant = new ACE(ownerName, SecurityConstants.EVERYTHING, true);
    ACE everyoneDeny = new ACE(SecurityConstants.EVERYONE, SecurityConstants.EVERYTHING, false);

    ACL rootAcl = new ACLImpl();
    rootAcl.setACEs(new ACE[] { ownerGrant, everyoneDeny });

    ACP rootAcp = new ACPImpl();
    rootAcp.addACL(rootAcl);
    collectionsRoot.setACP(rootAcp, true);
    return collectionsRoot;
}
/**
 * Builds the default local ACL used when inheritance is blocked.
 * <p>
 * The ACL holds an {@code EVERYTHING} entry for the session's principal followed by the
 * master-owner entries of the document. It contains no deny entry itself, and administrator
 * groups are not added (that call is commented out below), so the caller is responsible for
 * whatever blocking entry and admin access it needs.
 *
 * @param session  session whose principal receives the EVERYTHING entry
 * @param document document whose master owners are added
 * @return default local ACL
 */
public static ACL buildDefaultLocalACL(CoreSession session, DocumentModel document) {
    String principalName = session.getPrincipal().getName();

    ACL localAcl = new ACLImpl();
    localAcl.add(new ACE(principalName, SecurityConstants.EVERYTHING));
    // Left disabled by the original author:
    // acl.addAll(ACEsOperationHelper.getAdminEverythingACEs());
    List<ACE> masterOwnerEntries = getMasterOwnerACEs(session, document);
    localAcl.addAll(masterOwnerEntries);
    return localAcl;
}
/**
 * Sets a fresh ACP on the document at {@code ref} and saves it.
 * <p>
 * The ACP carries two ACLs: the document-routing ACL grants {@code READ} to {@code EVERYONE},
 * and the local ACL denies {@code EVERYTHING} to {@code EVERYONE} to block inheritance.
 * NOTE(review): the effective result of a READ grant and an EVERYTHING deny for the same
 * principal depends on the order in which the ACP evaluates its ACLs -- confirm that everyone
 * can read only what is intended.
 */
@Override
public void run() {
    DocumentModel target = session.getDocument(ref);
    ACP freshAcp = new ACPImpl();

    // add new ACL to set READ permission to everyone
    ACE everyoneRead = new ACE(SecurityConstants.EVERYONE, SecurityConstants.READ, true);
    ACL routingAcl = freshAcp.getOrCreateACL(DocumentRoutingConstants.DOCUMENT_ROUTING_ACL);
    routingAcl.add(everyoneRead);

    // block rights inheritance
    ACE everyoneDeny = new ACE(SecurityConstants.EVERYONE, SecurityConstants.EVERYTHING, false);
    ACL localAcl = freshAcp.getOrCreateACL(ACL.LOCAL_ACL);
    localAcl.add(everyoneDeny);

    target.setACP(freshAcp, true);
    session.saveDocument(target);
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Sets an ACP on the user workspaces root whose only entry denies {@code EVERYTHING} to
 * {@code EVERYONE}.
 * <p>
 * No grant is added here, so any access to this document has to come from elsewhere (for
 * example an unrestricted session, as the parameter name suggests).
 *
 * @param unrestrictedSession session passed by the caller; not used in this method
 * @param doc                 document receiving the ACP
 * @return the same {@code doc}, with the ACP set
 */
@Override
protected DocumentModel initCreateUserWorkspacesRoot(CoreSession unrestrictedSession, DocumentModel doc) {
    ACL lockdownAcl = new ACLImpl();
    lockdownAcl.setACEs(
            new ACE[] { new ACE(SecurityConstants.EVERYONE, SecurityConstants.EVERYTHING, false) });

    ACP lockdownAcp = new ACPImpl();
    lockdownAcp.addACL(lockdownAcl);
    doc.setACP(lockdownAcp, true);
    return doc;
}
/**
 * Grants {@code permission} to {@code userOrGroup} on the {@code document} field by adding an
 * entry to its document-routing ACL, then saves the document.
 * <p>
 * Both arguments are passed to the ACE unchecked; callers decide who receives which permission.
 *
 * @param session     session used to save the document
 * @param userOrGroup principal receiving the grant
 * @param permission  permission to grant
 */
protected void setPermissionOnDocument(CoreSession session, String userOrGroup, String permission) {
    ACP currentAcp = document.getACP();
    ACE grant = new ACE(userOrGroup, permission, true);
    currentAcp.getOrCreateACL(DocumentRoutingConstants.DOCUMENT_ROUTING_ACL).add(grant);
    document.setACP(currentAcp, true);
    session.saveDocument(document);
}
/**
 * Applies a single-entry ACP to the document at {@code ref}.
 * <p>
 * The entry is built from the {@code user}, {@code permission} and {@code grant} fields, placed
 * in an ACL named {@code aclName}, and written through the {@code session} field with the
 * {@code overwrite} field as the last argument.
 *
 * @param ref reference of the document receiving the ACP
 */
protected void setACE(DocumentRef ref) {
    ACLImpl namedAcl = new ACLImpl(aclName);
    ACPImpl singleEntryAcp = new ACPImpl();
    singleEntryAcp.addACL(namedAcl);

    namedAcl.add(new ACE(user, permission, grant));

    session.setACP(ref, singleEntryAcp, overwrite);
}
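/**
 * Applies a local ACL, parsed from a compact string, to a document.
 * <p>
 * {@code value} is a comma-separated list of entries, each made of colon-separated fields
 * {@code user:permission:grant}. Fields beyond the third are ignored. Nothing is written when
 * the list is empty. The ACP is written with the last argument of {@code setACP} set to
 * {@code false}.
 * <p>
 * Every entry is validated before anything is written, so a malformed entry leaves the
 * document's permissions untouched.
 *
 * @param session session used to write the ACP
 * @param doc     document receiving the local ACL
 * @param value   comma-separated {@code user:permission:grant} entries
 * @throws IllegalArgumentException if an entry has fewer than three colon-separated fields
 */
protected static void setLocalAcl(CoreSession session, DocumentModel doc, String value) {
    String[] entries = StringUtils.split(value, ',', true);
    if (entries.length == 0) {
        return;
    }

    ACLImpl acl = new ACLImpl(ACL.LOCAL_ACL);
    for (String entry : entries) {
        String[] fields = StringUtils.split(entry, ':', true);
        // Reject short entries explicitly instead of failing with an index error part-way
        // through building a permission set.
        if (fields.length < 3) {
            throw new IllegalArgumentException(
                    "Malformed ACL entry '" + entry + "': expected user:permission:grant");
        }
        // Boolean.parseBoolean yields true only for "true" (case-insensitive); any other text
        // in the third field produces a deny entry.
        boolean granted = Boolean.parseBoolean(fields[2]);
        acl.add(new ACE(fields[0], fields[1], granted));
    }

    ACPImpl acp = new ACPImpl();
    acp.addACL(acl);
    session.setACP(doc.getRef(), acp, false);
}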