/**
 * Looks up one ACL of this ACP by name.
 *
 * @param name the ACL name; {@code null} selects {@link ACL#LOCAL_ACL}
 * @return the first ACL in list order whose name equals the requested one, or {@code null}
 *         when no ACL carries that name
 */
@Override
public ACL getACL(String name) {
    // A null name is shorthand for the local ACL.
    String wanted = (name != null) ? name : ACL.LOCAL_ACL;
    for (ACL candidate : acls) {
        if (candidate.getName().equals(wanted)) {
            return candidate;
        }
    }
    return null;
}
/**
 * Removes the first ACL registered under the given name.
 *
 * <p>Unlike {@code getACL}, a {@code null} name is not mapped to the local ACL here; it simply
 * matches nothing.
 *
 * @param name the name of the ACL to remove
 * @return the ACL that was removed, or {@code null} when no ACL carries that name
 */
@Override
public ACL removeACL(String name) {
    int count = acls.size();
    int index = 0;
    while (index < count) {
        if (acls.get(index).getName().equals(name)) {
            // The cache is cleared on every change to the ACL list.
            // NOTE(review): presumably it holds access results derived from the list - confirm.
            cache.clear();
            return acls.remove(index);
        }
        index++;
    }
    return null;
}
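/**
 * Inserts an ACL at the given position, replacing any ACL already registered under the same name.
 *
 * <p>The position is checked before anything is modified, against the size the list will have
 * once the same-named ACL has been removed. Previously an out-of-range position was only detected
 * by the insert itself, after the old ACL had already been removed and without the cache being
 * cleared, which left the ACP without either ACL and with cache content computed from the former
 * list.
 *
 * @param pos index at which the ACL is inserted, from 0 to the list size after the same-named ACL
 *            (if any) has been removed
 * @param acl the ACL to insert; its name decides which existing ACL it replaces
 * @throws IndexOutOfBoundsException if {@code pos} is outside that range; the ACP is left unchanged
 */
@Override
public void addACL(int pos, ACL acl) {
    ACL oldACL = getACL(acl.getName());
    // Validate up front so that a rejected call never leaves the list half-updated.
    int sizeAfterRemoval = acls.size() - (oldACL != null ? 1 : 0);
    if (pos < 0 || pos > sizeAfterRemoval) {
        throw new IndexOutOfBoundsException("Index: " + pos + ", Size: " + sizeAfterRemoval);
    }
    if (oldACL != null) {
        acls.remove(oldACL);
    }
    acls.add(pos, acl);
    // The ACL list changed, so anything cached from the former list is dropped.
    cache.clear();
}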
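/**
 * Inserts an ACL directly after the ACL named {@code afterMe}, replacing any ACL already
 * registered under the same name as {@code acl}.
 *
 * <p>The insert position is computed for the list as it will be once the same-named ACL has been
 * removed by {@code addACL(int, ACL)}. Previously the index was taken before that removal, so
 * when the replaced ACL sat at or before the anchor the new ACL landed one slot too late, or the
 * call failed with the old ACL already removed.
 * NOTE(review): list order is presumably the order in which ACLs are evaluated, so a misplaced
 * ACL can change the effective permissions - confirm against the access check.
 *
 * @param afterMe name of the ACL to insert after; {@code null} inserts at the head of the list
 * @param acl the ACL to insert; when its name equals {@code afterMe} it takes the anchor's slot
 * @throws IndexOutOfBoundsException if no ACL is named {@code afterMe}; the ACP is left unchanged
 */
@Override
public void addACL(String afterMe, ACL acl) {
    if (afterMe == null) {
        addACL(0, acl);
        return;
    }
    int anchor = -1;
    for (int i = 0, len = acls.size(); i < len; i++) {
        if (acls.get(i).getName().equals(afterMe)) {
            anchor = i;
            break;
        }
    }
    if (anchor < 0) {
        // Same exception type as the out-of-range insert this used to run into,
        // but raised before the same-named ACL is removed.
        throw new IndexOutOfBoundsException("No ACL named '" + afterMe + "' to insert after");
    }
    // addACL(int, ACL) removes the same-named ACL first; if that ACL sits at or before the
    // anchor, everything from the anchor on shifts down by one slot.
    ACL replaced = getACL(acl.getName());
    int replacedIndex = (replaced == null) ? -1 : acls.indexOf(replaced);
    boolean anchorShifts = replacedIndex >= 0 && replacedIndex <= anchor;
    addACL(anchorShifts ? anchor : anchor + 1, acl);
}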
/**
 * Flattens an ACP into an array of {@code ACLRow}, one {@code addACLRow} call per ACE, in ACL
 * order and then ACE order.
 *
 * <p>The ACL named {@link ACL#INHERITED_ACL} is left out, so only the other ACLs are turned into
 * rows.
 * NOTE(review): presumably because inherited entries belong to ancestor documents - confirm.
 *
 * @param acp the ACP to flatten; must not be {@code null}
 * @return the rows collected for all non-inherited ACLs, possibly an empty array
 */
protected static ACLRow[] acpToAclRows(ACP acp) {
    List<ACLRow> rows = new LinkedList<>();
    for (ACL acl : acp.getACLs()) {
        String aclName = acl.getName();
        if (!aclName.equals(ACL.INHERITED_ACL)) {
            for (ACE ace : acl.getACEs()) {
                addACLRow(rows, aclName, ace);
            }
        }
    }
    return rows.toArray(new ACLRow[0]);
}
/**
 * Copies ACLs from the source document's ACP onto the target document.
 *
 * <p>With {@code doCopyAll} every ACL returned by {@code session.getACP} is copied, with no
 * filtering by name. Otherwise only the ACLs whose name appears in the comma-separated
 * {@code ACLnames} are copied.
 *
 * <p>NOTE(review): names are split on "," without trimming, so "a, b" yields " b", which only
 * matches an ACL whose name starts with a space.
 * NOTE(review): when {@code doCopyAll} is false and {@code ACLnames} is blank or matches nothing,
 * an empty ACP is still passed to {@code session.setACP}; if {@code doOverwrite} replaces the
 * existing ACP (presumably - confirm), the target's ACLs would be wiped.
 *
 * @param docRef reference of the document that receives the copied ACLs
 * @throws NuxeoException declared by the method; the session calls are the only visible source
 */
@SuppressWarnings("unchecked")
private void copyACP(DocumentRef docRef) throws NuxeoException {
    // Read the ACP of the source document.
    ACP sourceAcp = session.getACP(srcDoc.getRef());

    // Work out which ACL names were requested; the list stays empty when everything is copied.
    List<String> requestedNames = Collections.emptyList();
    if (!doCopyAll && StringUtils.isNotBlank(ACLnames)) {
        requestedNames = Arrays.asList(ACLnames.split(","));
    }

    // Collect the selected ACLs into a fresh ACP.
    ACP targetAcp = new ACPImpl();
    for (ACL candidate : sourceAcp.getACLs()) {
        boolean selected = doCopyAll || requestedNames.contains(candidate.getName());
        if (selected) {
            targetAcp.addACL(candidate);
        }
    }

    // Store the new ACP on the target document.
    session.setACP(docRef, targetAcp, doOverwrite);
}
/**
 * Rejects an ACP that contains a denying ("negative") ACE, unless negative ACLs are allowed.
 *
 * <p>The check does nothing when {@code negativeAclAllowed} is set or when the ACP is
 * {@code null}. The ACL named {@link ACL#INHERITED_ACL} is not inspected. Two kinds of denying
 * ACE are tolerated: a denial of {@code EVERYTHING} for {@code EVERYONE}, and a denial of
 * {@code WRITE}.
 *
 * @param acp the ACP to validate, may be {@code null}
 * @throws IllegalArgumentException on the first denying ACE that is not one of the tolerated forms
 */
protected void checkNegativeAcl(ACP acp) {
    if (negativeAclAllowed || acp == null) {
        return;
    }
    for (ACL acl : acp.getACLs()) {
        if (!acl.getName().equals(ACL.INHERITED_ACL)) {
            for (ACE ace : acl.getACEs()) {
                if (!ace.isGranted()) {
                    String denied = ace.getPermission();
                    boolean blocksEveryone = denied.equals(SecurityConstants.EVERYTHING)
                            && ace.getUsername().equals(SecurityConstants.EVERYONE);
                    // allow Write, as we're sure it doesn't include Read/Browse
                    boolean deniesWrite = denied.equals(SecurityConstants.WRITE);
                    if (!blocksEveryone && !deniesWrite) {
                        throw new IllegalArgumentException("Negative ACL not allowed: " + ace);
                    }
                }
            }
        }
    }
}
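/**
 * Writes an ACP as a JSON {@code "acl"} array, one object per ACL with its name and an
 * {@code "ace"} array.
 *
 * <p>Each ACE object carries id, username, permission, granted flag, creator, begin, end and
 * status. Begin and end are W3C date-times, or JSON null when unset. Every ACL returned by
 * {@code acp.getACLs()} is written, with no filtering by name.
 * NOTE(review): the output lists who holds which permission; no access check is visible in this
 * method, so it is presumably enforced before the ACP reaches the writer - confirm.
 *
 * @param acp the ACP to serialize
 * @param jg the generator to write to; the caller is expected to have opened the enclosing object
 * @throws IOException if the generator fails to write
 */
@Override
protected void writeEntityBody(ACP acp, JsonGenerator jg) throws IOException {
    jg.writeArrayFieldStart("acl");
    for (ACL acl : acp.getACLs()) {
        jg.writeStartObject();
        jg.writeStringField("name", acl.getName());
        jg.writeArrayFieldStart("ace");
        for (ACE ace : acl.getACEs()) {
            jg.writeStartObject();
            jg.writeStringField("id", ace.getId());
            jg.writeStringField("username", ace.getUsername());
            jg.writeStringField("permission", ace.getPermission());
            jg.writeBooleanField("granted", ace.isGranted());
            jg.writeStringField("creator", ace.getCreator());
            jg.writeStringField("begin",
                    ace.getBegin() != null ? DateParser.formatW3CDateTime(ace.getBegin().getTime()) : null);
            jg.writeStringField("end",
                    ace.getEnd() != null ? DateParser.formatW3CDateTime(ace.getEnd().getTime()) : null);
            // The status is a machine-readable token, so it is lower-cased independently of the
            // default locale; the no-argument toLowerCase() maps 'I' to a dotless i under a
            // Turkish default locale and would change the token.
            jg.writeStringField("status", ace.getStatus().toString().toLowerCase(java.util.Locale.ROOT));
            jg.writeEndObject();
        }
        jg.writeEndArray();
        jg.writeEndObject();
    }
    jg.writeEndArray();
}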
/**
 * Returns the ACEs of all non-inherited ACLs of a document, merged into a single array.
 *
 * <p>Despite the name, the result is not limited to the ACL named "local": every ACL except
 * {@link ACL#INHERITED_ACL} contributes its entries, in ACL order.
 * NOTE(review): read access to the document's security is presumably enforced by the session
 * obtained from {@code initSession} - confirm.
 *
 * @param sid the web-service session id
 * @param uuid the id of the document
 * @return the wrapped ACEs, or {@code null} when the document has no ACP
 */
@Override
@WebMethod
public WsACE[] getDocumentLocalACL(@WebParam(name = "sessionId") String sid,
        @WebParam(name = "uuid") String uuid) {
    logDeprecation();
    WSRemotingSession rs = initSession(sid);
    ACP acp = rs.getDocumentManager().getACP(new IdRef(uuid));
    if (acp == null) {
        return null;
    }
    ACL merged = new ACLImpl("MergedACL", true);
    for (ACL acl : acp.getACLs()) {
        if (ACL.INHERITED_ACL.equals(acl.getName())) {
            continue;
        }
        merged.addAll(acl);
    }
    ACE[] entries = merged.toArray(new ACE[merged.size()]);
    return WsACE.wrap(entries);
}
/**
 * Reports the inherited and local ACEs of a document as a JSON blob.
 *
 * <p>Only the ACLs named {@link ACL#INHERITED_ACL} and {@link ACL#LOCAL_ACL} are reported. ACLs
 * with any other name are left out, so the result is not necessarily the complete set of entries
 * on the document.
 *
 * @param document the document whose ACP is read through the operation's session
 * @return a {@code StringBlob} of type {@code application/json}: an object with one array per
 *         reported ACL name, or an empty object when the document has no ACP or no ACLs
 * @throws NuxeoException declared by the operation; {@code session.getACP} is the only visible
 *         source
 */
@OperationMethod
public Object run(DocumentModel document) throws NuxeoException {
    JSONObject report = new JSONObject();
    ACP acp = session.getACP(document.getRef());
    ACL[] documentAcls = (acp == null) ? null : acp.getACLs();
    if (ArrayUtils.isNotEmpty(documentAcls)) {
        JSONArray inheritedEntries = new JSONArray();
        JSONArray localEntries = new JSONArray();
        for (ACL acl : documentAcls) {
            String aclName = acl.getName();
            if (ACL.INHERITED_ACL.equals(aclName)) {
                extractNSetACEs(inheritedEntries, acl);
            } else if (ACL.LOCAL_ACL.equals(aclName)) {
                extractNSetACEs(localEntries, acl);
            }
        }
        // Both keys are written once there is at least one ACL, even if an array stayed empty.
        report.element(ACL.INHERITED_ACL, inheritedEntries);
        report.element(ACL.LOCAL_ACL, localEntries);
    }
    return new StringBlob(report.toString(), "application/json");
}
/**
 * Rebuilds a {@code SecurityData} object from the entries of an ACP.
 *
 * <p>The security data is cleared first. Entries of the ACL named {@link ACL#LOCAL_ACL} are added
 * as modifiable privileges, entries of every other ACL as unmodifiable ones. Within one ACL,
 * reading stops after a denial of {@code EVERYTHING} for {@code EVERYONE}; that entry itself is
 * still added.
 * NOTE(review): the stop only ends the current ACL's entries, later ACLs are still read - confirm
 * that entries placed after such a blocking entry are meant to appear.
 *
 * <p>If either argument is {@code null} an error is logged and nothing is changed.
 *
 * @param acp the ACP to read
 * @param securityData the object to fill; its user lists are rebuilt and its need-save flag reset
 */
public static void convertToSecurityData(ACP acp, SecurityData securityData) {
    if (acp == null || securityData == null) {
        log.error("Null params received, returning...");
        return;
    }

    securityData.clear();

    for (ACL acl : acp.getACLs()) {
        boolean isLocal = acl.getName().equals(ACL.LOCAL_ACL);
        for (ACE entry : acl.getACEs()) {
            String username = entry.getUsername();
            String permission = entry.getPermission();
            boolean granted = entry.isGranted();
            if (isLocal) {
                securityData.addModifiablePrivilege(username, permission, granted);
            } else {
                securityData.addUnModifiablePrivilege(username, permission, granted);
            }
            boolean blocksEveryone = !granted
                    && username.equals(SecurityConstants.EVERYONE)
                    && permission.equals(SecurityConstants.EVERYTHING);
            if (blocksEveryone) {
                break;
            }
        }
    }

    // needed so that the user lists are updated
    securityData.rebuildUserLists();
    securityData.setNeedSave(false);
}
/**
 * Appends the content of an ACP to an XML element: one child element per ACL, and under it one
 * child element per ACE.
 *
 * <p>Each ACE element carries principal, permission, grant flag and creator attributes. The begin
 * and end attributes are written as W3C date-times, and only when the ACE defines them. Every ACL
 * returned by {@code acp.getACLs()} is written, with no filtering by name.
 *
 * @param element the parent element that receives the ACL elements
 * @param acp the ACP to write out; must not be {@code null}
 */
protected static void readACP(Element element, ACP acp) {
    for (ACL acl : acp.getACLs()) {
        Element aclNode = element.addElement(ExportConstants.ACL_TAG);
        aclNode.addAttribute(ExportConstants.NAME_ATTR, acl.getName());
        for (ACE ace : acl.getACEs()) {
            Element aceNode = aclNode.addElement(ExportConstants.ACE_TAG);
            aceNode.addAttribute(ExportConstants.PRINCIPAL_ATTR, ace.getUsername());
            aceNode.addAttribute(ExportConstants.PERMISSION_ATTR, ace.getPermission());
            aceNode.addAttribute(ExportConstants.GRANT_ATTR, String.valueOf(ace.isGranted()));
            aceNode.addAttribute(ExportConstants.CREATOR_ATTR, ace.getCreator());

            // The validity bounds are optional; an absent bound produces no attribute.
            Calendar validFrom = ace.getBegin();
            if (validFrom != null) {
                aceNode.addAttribute(ExportConstants.BEGIN_ATTR,
                        DateParser.formatW3CDateTime(validFrom.getTime()));
            }
            Calendar validUntil = ace.getEnd();
            if (validUntil != null) {
                aceNode.addAttribute(ExportConstants.END_ATTR,
                        DateParser.formatW3CDateTime(validUntil.getTime()));
            }
        }
    }
}