oldACL.clear(); oldACL.addAll(acl); } else {
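/**
 * Applies the granted and denied permissions of the given user entries to the named ACL.
 *
 * <p>If no ACL with that name exists, a new {@code ACLImpl} is created and registered via
 * {@code addACL}. If one exists and {@code overwrite} is {@code true}, it is emptied first.
 * This removes every entry, including those of users not listed in {@code userEntries},
 * so the call replaces the ACL rather than merging into it. With {@code overwrite} set to
 * {@code false}, the new ACEs are appended to the existing ones.
 *
 * <p>All ACEs are built before the ACL is touched. A null argument, a null array element
 * or a null permission collection therefore fails without leaving the ACL emptied or the
 * cache uncleared.
 *
 * @param aclName name of the ACL to create or update
 * @param userEntries per-user granted and denied permissions; must not be null
 * @param overwrite whether an existing ACL is cleared before the new entries are added
 * @throws NullPointerException if {@code userEntries} or one of its elements is null
 */
@Override
public void setRules(String aclName, UserEntry[] userEntries, boolean overwrite) {
    java.util.Objects.requireNonNull(userEntries, "userEntries");

    // Stage the ACEs first: nothing below this loop can fail on bad input, so the
    // clear-and-refill that follows is not left half done with permissions wiped.
    java.util.List<ACE> staged = new java.util.ArrayList<>();
    for (UserEntry entry : userEntries) {
        String username = entry.getUserName();
        for (String permission : entry.getGrantedPermissions()) {
            staged.add(new ACE(username, permission, true));
        }
        for (String permission : entry.getDeniedPermissions()) {
            staged.add(new ACE(username, permission, false));
        }
    }

    ACL acl = getACL(aclName);
    if (acl == null) {
        // create the local ACL
        acl = new ACLImpl(aclName);
        addACL(acl);
    } else if (overwrite) {
        // :XXX: Should not overwrite entries not given as parameters here.
        acl.clear();
    }

    // Same insertion order as before: per user, grants first, then denials.
    for (ACE ace : staged) {
        acl.add(ace);
    }

    // NOTE(review): presumably `cache` holds data derived from the ACLs and must not
    // outlive this change; confirm against the enclosing class.
    cache.clear();
}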
/**
 * Replaces the content of the document's ACL with the ACEs described by {@code aces}.
 *
 * <p>Does nothing when {@code aces} is null or empty. Otherwise the ACL returned by
 * {@code getOrCreateACL()} is emptied and refilled from the descriptors, in list order,
 * and the resulting ACP is written back through the session. Existing entries are
 * discarded, not merged, so any permission missing from the descriptors is lost.
 *
 * @param aces descriptors of the ACEs to install; may be null or empty
 * @param ref reference of the document whose ACP is updated
 */
protected void setAcl(List<ACEDescriptor> aces, DocumentRef ref) {
    if (aces == null || aces.isEmpty()) {
        return;
    }

    ACP documentAcp = session.getACP(ref);
    ACL targetAcl = documentAcp.getOrCreateACL();

    // Drop whatever was there before (should a merge strategy be adopted instead?).
    targetAcl.clear();

    // Install the ACEs defined in the descriptor.
    for (ACEDescriptor descriptor : aces) {
        ACE entry = new ACE(descriptor.getPrincipal(), descriptor.getPermission(), descriptor.getGranted());
        targetAcl.add(entry);
    }

    // Re-add the ACL; per the original author's note this invalidates the ACPImpl cache.
    documentAcp.addACL(targetAcl);
    // NOTE(review): the third argument is presumably the overwrite flag; confirm.
    session.setACP(ref, documentAcp, true);
}
/**
 * Rebuilds the ACL named {@code aclName} on the referenced document and saves the session.
 *
 * <p>The ACL is emptied and then filled, in this order, with READ and WRITE for each
 * validator, READ for the submitting principal, EVERYTHING for each administrators
 * group, and finally {@code ACE.BLOCK}.
 */
@Override
public void run() {
    ACP policy = session.getACP(ref);
    ACL publishingAcl = policy.getOrCreateACL(aclName);
    publishingAcl.clear();

    for (String validatorName : validators) {
        publishingAcl.add(new ACE(validatorName, SecurityConstants.READ));
        publishingAcl.add(new ACE(validatorName, SecurityConstants.WRITE));
    }

    // The user who submitted for publishing gets READ only.
    publishingAcl.add(new ACE(principal.getName(), SecurityConstants.READ));

    // Administrators keep full access.
    for (String adminGroup : Framework.getService(UserManager.class).getAdministratorsGroups()) {
        publishingAcl.add(new ACE(adminGroup, SecurityConstants.EVERYTHING));
    }

    // Deny everyone else. Kept last: the grants above presumably have to precede the
    // blocking entry to stay effective (TODO confirm ACE evaluation order).
    publishingAcl.add(ACE.BLOCK);

    // NOTE(review): the third argument is presumably the overwrite flag; confirm.
    session.setACP(ref, policy, true);
    session.save();
}