/**
 * Lists the distinct usernames that hold a granting ACE for at least one of the given
 * permissions, in first-seen order.
 *
 * <p>Only the ACL returned by {@code getMergedACLs("merged")} is scanned.
 *
 * <p>NOTE(review): denying ACEs are skipped, not subtracted, so a principal that also has a deny
 * entry for the same permission is still listed. Read the result as "has a grant entry" rather
 * than as an effective-access decision; confirm no caller uses it for authorization.
 *
 * @param perms permission names to match; dereferenced for every ACE of the merged ACL
 * @return the matching usernames without duplicates
 */
@Override
public String[] listUsernamesForAnyPermission(Set<String> perms) {
    ACL mergedAcl = getMergedACLs("merged");
    List<String> matches = new ArrayList<>();
    for (ACE entry : mergedAcl.getACEs()) {
        boolean wanted = perms.contains(entry.getPermission()) && entry.isGranted();
        if (!wanted) {
            continue;
        }
        String principal = entry.getUsername();
        // Keep the first occurrence only, so the output order follows the ACE order.
        if (matches.contains(principal)) {
            continue;
        }
        matches.add(principal);
    }
    return matches.toArray(new String[0]);
}
/**
 * Flattens an ACP into an array of ACL rows, one per ACE.
 *
 * <p>The ACL named {@code ACL.INHERITED_ACL} is left out; every other ACL contributes its ACEs
 * in order through {@code addACLRow}.
 *
 * @param acp the ACP to flatten; dereferenced without a null check
 * @return the rows collected by {@code addACLRow}
 */
protected static ACLRow[] acpToAclRows(ACP acp) {
    List<ACLRow> rows = new LinkedList<>();
    for (ACL acl : acp.getACLs()) {
        String aclName = acl.getName();
        // Inherited entries are not turned into rows.
        if (!aclName.equals(ACL.INHERITED_ACL)) {
            for (ACE ace : acl.getACEs()) {
                addACLRow(rows, aclName, ace);
            }
        }
    }
    return rows.toArray(new ACLRow[rows.size()]);
}
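/**
 * Gets IANs of given activity.
 *
 * <p>A principal is reported when an ACE of the document's ACP grants
 * {@code CartoSecurityConstants.MANAGE_DUN} to it. ACEs that deny the permission are ignored, so
 * an explicit denial never lists its principal as an IAN. A principal named in several granting
 * ACEs appears once per ACE.
 *
 * @param session not used by this method
 * @param doc document whose ACP is inspected
 * @return login and groups of IANs of activity
 */
public List<String> getIans(CoreSession session, DocumentModel doc) {
    List<String> ians = new ArrayList<String>();
    ACP acp = doc.getACP();
    for (ACL acl : acp.getACLs()) {
        for (ACE ace : acl.getACEs()) {
            // Only a granting entry confers the permission; matching on the permission name
            // alone would also report principals whose ACE denies it.
            if (ace.isGranted() && CartoSecurityConstants.MANAGE_DUN.equals(ace.getPermission())) {
                ians.add(ace.getUsername());
            }
        }
    }
    return ians;
}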
/**
 * Rejects an ACP that carries a denying ("negative") ACE, unless negative ACLs are allowed.
 *
 * <p>Nothing is checked when {@code negativeAclAllowed} is set or when {@code acp} is null. The
 * ACL named {@code ACL.INHERITED_ACL} is skipped. Two denying forms are tolerated: a deny of
 * {@code SecurityConstants.EVERYTHING} for {@code SecurityConstants.EVERYONE}, and a deny of
 * {@code SecurityConstants.WRITE}.
 *
 * @param acp the ACP to validate, may be null
 * @throws IllegalArgumentException on the first denying ACE that is not one of the tolerated
 *         forms
 */
protected void checkNegativeAcl(ACP acp) {
    if (negativeAclAllowed || acp == null) {
        return;
    }
    for (ACL acl : acp.getACLs()) {
        boolean inherited = acl.getName().equals(ACL.INHERITED_ACL);
        if (inherited) {
            continue;
        }
        for (ACE ace : acl.getACEs()) {
            if (ace.isGranted()) {
                continue;
            }
            String denied = ace.getPermission();
            boolean deniesAllToEveryone = denied.equals(SecurityConstants.EVERYTHING)
                    && ace.getUsername().equals(SecurityConstants.EVERYONE);
            // allow Write, as we're sure it doesn't include Read/Browse
            if (!deniesAllToEveryone && !denied.equals(SecurityConstants.WRITE)) {
                throw new IllegalArgumentException("Negative ACL not allowed: " + ace);
            }
        }
    }
}
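/**
 * Writes the ACP as an {@code "acl"} array: one object per ACL holding its name and an
 * {@code "ace"} array with id, username, permission, grant flag, creator, begin/end dates and
 * status of every ACE.
 *
 * <p>Begin and end are written as W3C date-times, or as JSON null when the ACE has none. The
 * status is written in lower case using the root locale, so the emitted value does not depend
 * on the JVM's default locale.
 *
 * <p>NOTE(review): every principal and creator named in the ACP ends up in the output. Nothing
 * here restricts who receives it, so that check is presumably made by the caller; confirm.
 *
 * @param acp the ACP to serialize
 * @param jg generator positioned inside the enclosing entity object
 * @throws IOException if the generator fails to write
 */
@Override
protected void writeEntityBody(ACP acp, JsonGenerator jg) throws IOException {
    jg.writeArrayFieldStart("acl");
    for (ACL acl : acp.getACLs()) {
        jg.writeStartObject();
        jg.writeStringField("name", acl.getName());
        jg.writeArrayFieldStart("ace");
        for (ACE ace : acl.getACEs()) {
            jg.writeStartObject();
            jg.writeStringField("id", ace.getId());
            jg.writeStringField("username", ace.getUsername());
            jg.writeStringField("permission", ace.getPermission());
            jg.writeBooleanField("granted", ace.isGranted());
            jg.writeStringField("creator", ace.getCreator());
            jg.writeStringField("begin",
                    ace.getBegin() != null ? DateParser.formatW3CDateTime(ace.getBegin().getTime()) : null);
            jg.writeStringField("end",
                    ace.getEnd() != null ? DateParser.formatW3CDateTime(ace.getEnd().getTime()) : null);
            // Locale.ROOT: the default-locale overload can change letters under some locales
            // (for example the Turkish dotless i), which would alter the status token.
            jg.writeStringField("status", ace.getStatus().toString().toLowerCase(java.util.Locale.ROOT));
            jg.writeEndObject();
        }
        jg.writeEndArray();
        jg.writeEndObject();
    }
    jg.writeEndArray();
}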
/**
 * Converts every ACE of the given ACL and appends the result to the JSON array.
 *
 * <p>Does nothing when the ACL has no ACEs. The group id list is read from {@code userManager}
 * once per call and passed to {@code convert} for each ACE.
 *
 * @param jsonACEs array receiving one converted entry per ACE
 * @param acl ACL whose ACEs are converted
 */
protected void extractNSetACEs(JSONArray jsonACEs, ACL acl) {
    ACE[] entries = acl.getACEs();
    if (!ArrayUtils.isNotEmpty(entries)) {
        return;
    }
    // Looked up once, outside the loop, rather than once per ACE.
    List<String> knownGroupIds = userManager.getGroupIds();
    for (ACE entry : entries) {
        jsonACEs.add(convert(entry, knownGroupIds));
    }
}
ACP acpParent = parent.getACP(); for (ACL acl : acpParent.getACLs()) { for (ACE ace : acl.getACEs()) { if (ace.isGranted() && !lstPerm.contains(ace.getPermission())) {
List<ACE> toRemove = new ArrayList<>(); for (ACE ace : acl.getACEs()) { if (currentActors.contains(ace.getUsername()) || taskInitator.equals(ace.getUsername())) { toRemove.add(ace);
for (ACE ace : acl.getACEs()) { if (filter == null || filter.accept(ace)) {
ACE[] aces = acl.getACEs();
for (ACE ace : acl.getACEs()) { if (ace.isGranted() && ace.isEffective() && browsePermissions.contains(ace.getPermission())) { jg.writeString(ace.getUsername());
/**
 * Reads the ACP of the target document and returns one {@code Permission} per ACE.
 *
 * <p>Granting and denying ACEs are both returned; the grant flag is carried in each
 * {@code Permission}.
 *
 * @return the permissions in ACL order, then ACE order
 * @throws NuxeoException rethrown after "Failed to get ACLs" is added to its info
 */
public List<Permission> getPermissions() {
    try {
        ACP acp = ctx.getCoreSession().getACP(getTarget().getAdapter(DocumentModel.class).getRef());
        List<Permission> result = new ArrayList<Permission>();
        for (ACL acl : acp.getACLs()) {
            for (ACE entry : acl.getACEs()) {
                Permission item = new Permission(entry.getUsername(), entry.getPermission(), entry.isGranted());
                result.add(item);
            }
        }
        return result;
    } catch (NuxeoException failure) {
        failure.addInfo("Failed to get ACLs");
        throw failure;
    }
}
/**
 * Collects the names of the groups that a granting ACE of the document's ACP gives the
 * permission to.
 *
 * <p>The permission is first expanded with {@code PrincipalHelper.getPermissionsToCheck}; an ACE
 * counts when it grants and {@code permissionMatch} accepts its permission. A principal that
 * {@code userManager.getGroup} does not resolve is skipped.
 *
 * <p>NOTE(review): denying ACEs are ignored rather than subtracted, and no effective-period
 * check is visible here. Confirm whether the result is meant to reflect effective access.
 *
 * @param document document whose ACP is inspected
 * @param permission permission to look for
 * @return names of groups with given permission.
 */
protected List<String> getGroupsForPermission(DocumentModel document, String permission) {
    List<String> groupNames = new ArrayList<String>();
    PrincipalHelper helper = new PrincipalHelper(userManager, permissionProvider);
    String[] candidates = helper.getPermissionsToCheck(permission);
    for (ACL acl : document.getACP().getACLs()) {
        for (ACE ace : acl.getACEs()) {
            if (!ace.isGranted() || !permissionMatch(candidates, ace.getPermission())) {
                continue;
            }
            NuxeoGroup resolved = userManager.getGroup(ace.getUsername());
            if (resolved == null) {
                // The principal is not a group known to the user manager.
                continue;
            }
            groupNames.add(resolved.getName());
        }
    }
    return groupNames;
}
/**
 * Feeds security data object with user entries.
 *
 * <p>The security data is cleared, then filled from every ACE of the ACP: entries of the ACL
 * named {@code ACL.LOCAL_ACL} are recorded as modifiable, all others as unmodifiable. Logs an
 * error and returns without touching anything when either argument is null.
 *
 * @param acp source ACP
 * @param securityData target object; cleared before being filled
 */
public static void convertToSecurityData(ACP acp, SecurityData securityData) {
    if (acp == null || securityData == null) {
        log.error("Null params received, returning...");
        return;
    }

    securityData.clear();

    for (ACL acl : acp.getACLs()) {
        boolean local = acl.getName().equals(ACL.LOCAL_ACL);
        for (ACE ace : acl.getACEs()) {
            String principal = ace.getUsername();
            String perm = ace.getPermission();
            boolean granted = ace.isGranted();

            if (local) {
                securityData.addModifiablePrivilege(principal, perm, granted);
            } else {
                securityData.addUnModifiablePrivilege(principal, perm, granted);
            }

            // A deny of Everything for Everyone ends the reading of this ACL: its later entries
            // are not recorded. Only the inner loop exits, so the remaining ACLs of the ACP are
            // still processed.
            boolean deniesAllToEveryone = !granted
                    && principal.equals(SecurityConstants.EVERYONE)
                    && perm.equals(SecurityConstants.EVERYTHING);
            if (deniesAllToEveryone) {
                break;
            }
        }
    }

    // needed so that the user lists are updated
    securityData.rebuildUserLists();
    securityData.setNeedSave(false);
}
return; ACE[] aces = acl.getACEs();
/**
 * Reads the ACP and writes it under the given element: one ACL child per ACL, carrying its
 * name, and one ACE child per ACE with principal, permission, grant flag and creator.
 *
 * <p>Begin and end attributes are added as W3C date-times only when the ACE defines them.
 *
 * @param element parent element that receives the ACL children
 * @param acp the ACP to export
 */
protected static void readACP(Element element, ACP acp) {
    for (ACL acl : acp.getACLs()) {
        Element aclNode = element.addElement(ExportConstants.ACL_TAG);
        aclNode.addAttribute(ExportConstants.NAME_ATTR, acl.getName());
        for (ACE ace : acl.getACEs()) {
            Element aceNode = aclNode.addElement(ExportConstants.ACE_TAG);
            aceNode.addAttribute(ExportConstants.PRINCIPAL_ATTR, ace.getUsername());
            aceNode.addAttribute(ExportConstants.PERMISSION_ATTR, ace.getPermission());
            aceNode.addAttribute(ExportConstants.GRANT_ATTR, String.valueOf(ace.isGranted()));
            aceNode.addAttribute(ExportConstants.CREATOR_ATTR, ace.getCreator());

            // Time bounds are optional: an unbounded side gets no attribute at all.
            Calendar validFrom = ace.getBegin();
            if (validFrom != null) {
                aceNode.addAttribute(ExportConstants.BEGIN_ATTR, DateParser.formatW3CDateTime(validFrom.getTime()));
            }
            Calendar validUntil = ace.getEnd();
            if (validUntil != null) {
                aceNode.addAttribute(ExportConstants.END_ATTR, DateParser.formatW3CDateTime(validUntil.getTime()));
            }
        }
    }
}
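/**
 * Returns the granting ACEs of the document as a JSON array of
 * {@code {"userOrGroup": ..., "permission": ...}} objects.
 *
 * <p>Denying ACEs are left out. A JSON object is built only for an ACE that is actually
 * reported.
 *
 * <p>NOTE(review): every granting ACE is emitted as-is; no effective-period check is visible
 * here. Confirm whether entries outside their validity period should be reported.
 *
 * @param doc document whose ACP is read
 * @return an {@code application/json} blob, or {@code null} when no ACE grants anything
 * @throws Exception declared by the operation signature
 */
@OperationMethod
public Blob run(DocumentModel doc) throws Exception {
    JSONArray rows = new JSONArray();
    ACP acp = doc.getACP();
    for (ACL acl : acp.getACLs()) {
        for (ACE ace : acl.getACEs()) {
            if (!ace.isGranted()) {
                continue;
            }
            JSONObject row = new JSONObject();
            row.element("userOrGroup", ace.getUsername());
            row.element("permission", ace.getPermission());
            rows.add(row);
        }
    }
    // Callers receive null, not an empty array, when nothing is granted.
    if (rows.size() > 0) {
        return new StringBlob(rows.toString(), "application/json");
    }
    return null;
}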
for (ACE ace : acl.getACEs()) { if (ace.isGranted() && permissionMatch(perms, ace.getPermission())) {