/**
 * Replaces the ACL of the repository file identified by {@code fileId} with the
 * inheritance flag and entries carried by {@code objectAcl}.
 *
 * The current ACL is loaded, its inheritance flag is overwritten from {@code objectAcl}
 * and its entries are cleared. Entries are re-added only when the new ACL does NOT inherit:
 * per the Builder javadoc, every ace(...) call resets entriesInheriting to false, so adding
 * entries to an inheriting ACL would silently flip it to non-inheriting. Recipients of type
 * ROLE become ROLE sids; any other recipient type is mapped to the single-argument
 * RepositoryFileSid constructor (a user sid). A null permission set on an entry yields an
 * ACE with no permissions rather than a failure.
 *
 * @param fileId    id of the repository file whose ACL is replaced
 * @param objectAcl the desired ACL (inheritance flag plus entries)
 * @throws KettleException wrapping any failure raised by the repository, including the
 *                         case where the current user may not read or write ACL information
 */
@Override
public void setAcl( ObjectId fileId, ObjectAcl objectAcl ) throws KettleException {
  try {
    RepositoryFileAcl current = pur.getAcl( fileId.getId() );
    RepositoryFileAcl.Builder builder = new RepositoryFileAcl.Builder( current )
        .entriesInheriting( objectAcl.isEntriesInheriting() )
        .clearAces();
    if ( !objectAcl.isEntriesInheriting() ) {
      List<ObjectAce> entries = objectAcl.getAces();
      for ( ObjectAce entry : entries ) {
        ObjectRecipient who = entry.getRecipient();
        RepositoryFileSid sid;
        if ( who.getType().equals( Type.ROLE ) ) {
          sid = new RepositoryFileSid( who.getName(), RepositoryFileSid.Type.ROLE );
        } else {
          // Everything that is not a role is treated as a user principal.
          sid = new RepositoryFileSid( who.getName() );
        }
        EnumSet<RepositoryFilePermission> granted = EnumSet.noneOf( RepositoryFilePermission.class );
        EnumSet<RepositoryFilePermission> requested = entry.getPermissions();
        if ( requested != null ) {
          granted.addAll( requested );
        }
        builder.ace( sid, granted );
      }
    }
    pur.updateAcl( builder.build() );
  } catch ( Exception e ) {
    // Any failure is surfaced to the caller with the original exception as its cause.
    // The common case is that the user lacks rights to view or set the ACL information.
    throw new KettleException( e );
  }
}
/**
 * Adds an entry granting {@code recipient} the permission {@code first} together with any
 * further permissions in {@code rest}.
 *
 * Entries inheriting is set to false when this method is called (presumably inside the
 * {@code ace(RepositoryFileAce)} overload this delegates to).
 *
 * @param recipient the user or role sid receiving the permissions
 * @param first     the first permission; required so the granted set is never empty
 * @param rest      additional permissions, may be empty
 * @return this builder, for chaining
 */
public Builder ace( final RepositoryFileSid recipient, final RepositoryFilePermission first,
    final RepositoryFilePermission... rest ) {
  EnumSet<RepositoryFilePermission> granted = EnumSet.of( first, rest );
  RepositoryFileAce entry = new RepositoryFileAce( recipient, granted );
  return ace( entry );
}
/**
 * Adds an entry for the principal {@code name} of the given {@code type}, granting
 * {@code first} plus any further permissions in {@code rest}.
 *
 * Entries inheriting is set to false when this method is called (presumably inside the
 * {@code ace(RepositoryFileAce)} overload this delegates to).
 *
 * @param name  principal name of the recipient
 * @param type  whether {@code name} is a USER or a ROLE
 * @param first the first permission; required so the granted set is never empty
 * @param rest  additional permissions, may be empty
 * @return this builder, for chaining
 */
public Builder ace( final String name, final RepositoryFileSid.Type type,
    final RepositoryFilePermission first, final RepositoryFilePermission... rest ) {
  RepositoryFileSid recipient = new RepositoryFileSid( name, type );
  EnumSet<RepositoryFilePermission> granted = EnumSet.of( first, rest );
  return ace( new RepositoryFileAce( recipient, granted ) );
}
// NOTE(review): excerpt only -- this fragment is cut mid-expression and appears to splice
// statements from different call sites, so it does not compile as shown. As excerpted, the
// first two `new RepositoryFileAcl.Builder( userSid ).ace( ... )` statements neither call
// build() nor keep the builder, so they produce and apply no ACL; only the trailing
// `aclsForUserHomeFolder = ...` assignment retains its builder (and it is still un-built here).
// Per the Builder javadoc elsewhere in this corpus, ace(...) also resets entriesInheriting to false.
new RepositoryFileAcl.Builder( userSid ).ace( tenantAuthenticatedRoleSid, EnumSet .of( RepositoryFilePermission.READ ) ); new RepositoryFileAcl.Builder( userSid ).ace( ownerSid, EnumSet.of( RepositoryFilePermission.ALL ) ); tenantHomeFolder = repositoryFileDao.createFolder( tenantRootFolder.getId(), new RepositoryFile.Builder( ServerRepositoryPaths RepositoryFileSid ownerSid = new RepositoryFileSid( ownerId, Type.USER ); aclsForUserHomeFolder = new RepositoryFileAcl.Builder( userSid ).ace( ownerSid, EnumSet.of( RepositoryFilePermission.ALL ) );
// NOTE(review): fragment -- the single-argument ace(...) overload is not visible in this excerpt;
// adminGroup is presumably a RepositoryFileAce (confirm against the Builder). Per the javadoc on
// the other ace(...) overloads, adding an entry also resets entriesInheriting to false.
aclBuilder.ace( adminGroup );
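/**
 * Reads the JCR access control list of the node identified by {@code id} and converts it
 * into a {@link RepositoryFileAcl}.
 *
 * The owner is taken from the JCR ACL and always modelled as a USER sid (role owners are not
 * detected; the original comment notes this only affects the UI). ACL metadata entries are
 * stripped via JcrRepositoryFileAclUtils.removeAclMetadata, and any entry whose principal is
 * the tenanted admin role ({@code tenantAdminAuthorityName}) is deliberately omitted, so
 * callers never see -- and cannot round-trip -- that entry. The inheritance flag is applied
 * before entries are added; per the Builder javadoc, ace(...) resets it to false, so a node
 * with local (non-admin) entries comes back as non-inheriting.
 *
 * Change from the original: the admin principal used for the comparison is loop-invariant
 * and is now constructed once instead of once per entry.
 *
 * @param session             JCR session used to resolve the node and its access control
 * @param pentahoJcrConstants constants for this session (accepted for signature parity; not read here)
 * @param id                  identifier of the JCR node
 * @return the converted ACL
 * @throws RepositoryException if no node has the given identifier, or on any JCR failure
 */
private RepositoryFileAcl toAcl( final Session session, final PentahoJcrConstants pentahoJcrConstants,
    final Serializable id ) throws RepositoryException {
  Node node = session.getNodeByIdentifier( id.toString() );
  if ( node == null ) {
    // Defensive: JCR implementations normally throw on an unknown identifier rather than return null.
    throw new RepositoryException( Messages.getInstance().getString(
        "JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND", id.toString() ) ); //$NON-NLS-1$
  }
  String absPath = node.getPath();
  AccessControlManager acMgr = session.getAccessControlManager();
  AccessControlList acList = getAccessControlList( acMgr, absPath );

  RepositoryFileSid owner = null;
  String ownerString = getOwner( session, absPath, acList );
  if ( ownerString != null ) {
    // for now, just assume all owners are users; only has UI impact
    owner = new RepositoryFileSid( JcrTenantUtils.getUserNameUtils().getPrincipleName( ownerString ),
        RepositoryFileSid.Type.USER );
  }

  RepositoryFileAcl.Builder aclBuilder = new RepositoryFileAcl.Builder( id, owner );
  aclBuilder.entriesInheriting( isEntriesInheriting( session, absPath, acList ) );

  // The tenanted admin principal is hidden from callers; build it once, outside the loop.
  SpringSecurityRolePrincipal tenantAdminPrincipal =
      new SpringSecurityRolePrincipal( JcrTenantUtils.getTenantedRole( tenantAdminAuthorityName ) );
  List<AccessControlEntry> cleanedAcEntries =
      JcrRepositoryFileAclUtils.removeAclMetadata( Arrays.asList( acList.getAccessControlEntries() ) );
  for ( AccessControlEntry acEntry : cleanedAcEntries ) {
    if ( !acEntry.getPrincipal().equals( tenantAdminPrincipal ) ) {
      aclBuilder.ace( toAce( session, acEntry ) );
    }
  }
  return aclBuilder.build();
}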
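/**
 * Grants {@code permission} to {@code recipient} on the file identified by {@code id} by
 * appending a new ACE to the file's current ACL and writing the ACL back.
 *
 * Recipients are tenant-qualified before they are stored: a USER or ROLE name that carries no
 * tenant (as judged by the matching JcrTenantUtils name utils) is rewritten with
 * getTenantedUser / getTenantedRole so an ACE is never attached to an un-tenanted principal.
 * Names that already carry a tenant are stored as given. Kiosk mode rejects the call outright.
 *
 * Known limitation (original TODO): an existing ACE for the same recipient is not merged; a
 * second ACE is appended.
 *
 * Change from the original: the debug log now records the tenant-qualified sid that was
 * actually written, not the caller-supplied one, so audit output matches the stored ACL.
 *
 * @param id         identifier of the repository file
 * @param recipient  user or role to grant permissions to
 * @param permission permissions to grant
 * @throws RuntimeException when kiosk mode is enabled (ACCESS_DENIED message)
 * @throws IllegalArgumentException from Assert.notNull (assuming Spring's Assert) when an
 *                                  argument, or the file's current ACL, is null
 */
public void addAce( final Serializable id, final RepositoryFileSid recipient,
    final EnumSet<RepositoryFilePermission> permission ) {
  if ( isKioskEnabled() ) {
    throw new RuntimeException( Messages.getInstance().getString( "JcrRepositoryFileDao.ERROR_0006_ACCESS_DENIED" ) ); //$NON-NLS-1$
  }
  Assert.notNull( id );
  Assert.notNull( recipient );
  Assert.notNull( permission );
  RepositoryFileAcl acl = getAcl( id );
  Assert.notNull( acl );
  // TODO mlowery find an ACE with the recipient and update that rather than adding a new ACE
  RepositoryFileSid newRecipient = tenantQualifiedSid( recipient );
  RepositoryFileAcl updatedAcl = new RepositoryFileAcl.Builder( acl ).ace( newRecipient, permission ).build();
  updateAcl( updatedAcl );
  logger.debug( "added ace: id=" + id + ", sid=" + newRecipient + ", permission=" + permission ); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
}

/**
 * Returns {@code recipient} unchanged when its name already carries a tenant, otherwise a
 * copy whose name has been qualified with the current tenant (users via getTenantedUser,
 * roles via getTenantedRole).
 */
private RepositoryFileSid tenantQualifiedSid( final RepositoryFileSid recipient ) {
  if ( recipient.getType().equals( Type.USER ) ) {
    if ( JcrTenantUtils.getUserNameUtils().getTenant( recipient.getName() ) == null ) {
      return new RepositoryFileSid( JcrTenantUtils.getTenantedUser( recipient.getName() ), recipient.getType() );
    }
  } else {
    if ( JcrTenantUtils.getRoleNameUtils().getTenant( recipient.getName() ) == null ) {
      return new RepositoryFileSid( JcrTenantUtils.getTenantedRole( recipient.getName() ), recipient.getType() );
    }
  }
  return recipient;
}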
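/**
 * Creates the tenant's "etc" folder and its fixed sub-tree under {@code tenantRootFolder}.
 *
 * The etc folder itself is created with an ACL owned by {@code fileOwnerSid} that grants the
 * tenant's authenticated role READ and the tenant's admin role ALL. NOTE(review): the builder
 * chain calls entriesInheriting( true ) and then ace(...); per the Builder javadoc, ace(...)
 * resets entriesInheriting to false, so the etc folder ends up non-inheriting -- confirm this
 * is the intended outcome. The sub-folders (pdi, pdi/databases, pdi/slaveServers,
 * pdi/clusterSchemas, pdi/partitionSchemas, metastore) are created with owner-only ACLs that
 * inherit their entries.
 *
 * Change from the original: the six identical "owner + inherit" folder creations are routed
 * through one private helper; creation order is unchanged.
 *
 * @param tenant           tenant whose role ids are resolved via tenantedRoleNameResolver
 * @param tenantRootFolder parent under which "etc" is created
 * @param fileOwnerSid     owner recorded on every ACL created here
 * @return the created etc folder
 */
private RepositoryFile createEtcFolder( ITenant tenant, RepositoryFile tenantRootFolder, RepositoryFileSid fileOwnerSid ) {
  String tenantAuthenticatedRoleId = tenantedRoleNameResolver.getPrincipleId( tenant, tenantAuthenticatedRoleName );
  RepositoryFileSid tenantAuthenticatedRoleSid = new RepositoryFileSid( tenantAuthenticatedRoleId, Type.ROLE );
  String tenantAdminRoleId = tenantedRoleNameResolver.getPrincipleId( tenant, tenantAdminRoleName );
  RepositoryFileSid tenantAdminRoleSid = new RepositoryFileSid( tenantAdminRoleId, Type.ROLE );

  RepositoryFileAcl etcAcl = new RepositoryFileAcl.Builder( fileOwnerSid )
      .entriesInheriting( true )
      .ace( tenantAuthenticatedRoleSid, EnumSet.of( RepositoryFilePermission.READ ) )
      .ace( tenantAdminRoleSid, EnumSet.of( RepositoryFilePermission.ALL ) )
      .build();
  RepositoryFile etcFolder = repositoryFileDao.createFolder( tenantRootFolder.getId(),
      new RepositoryFile.Builder( ServerRepositoryPaths.getTenantEtcFolderName() ).folder( true ).build(),
      etcAcl, null );

  RepositoryFile pdiFolder = createInheritingSubfolder( etcFolder, "pdi", fileOwnerSid );
  createInheritingSubfolder( pdiFolder, "databases", fileOwnerSid );
  createInheritingSubfolder( pdiFolder, "slaveServers", fileOwnerSid );
  createInheritingSubfolder( pdiFolder, "clusterSchemas", fileOwnerSid );
  createInheritingSubfolder( pdiFolder, "partitionSchemas", fileOwnerSid );
  createInheritingSubfolder( etcFolder, "metastore", fileOwnerSid );
  return etcFolder;
}

/**
 * Creates folder {@code name} under {@code parent} with an ACL that names only
 * {@code fileOwnerSid} as owner and inherits its entries from the parent.
 */
private RepositoryFile createInheritingSubfolder( RepositoryFile parent, String name, RepositoryFileSid fileOwnerSid ) {
  return repositoryFileDao.createFolder( parent.getId(),
      new RepositoryFile.Builder( name ).folder( true ).build(),
      new RepositoryFileAcl.Builder( fileOwnerSid ).entriesInheriting( true ).build(), null );
}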
/**
 * Seeds the mock repository with its three fixed folders and their ACLs:
 *
 *   "/"        owned by root(), not inheriting, everyone() may READ
 *   "/public"  owned by root(), not inheriting, everyone() may READ and WRITE
 *   "/etc"     owned by root(), entries inheriting (presumably resolved against "/")
 *
 * Every record is registered with idManager; "public" and "etc" are attached as children
 * of the root record, which is also stored in the {@code root} field.
 */
protected void init() {
  String sep = RepositoryFile.SEPARATOR;

  RepositoryFile rootFile = new RepositoryFile.Builder( "" ).path( sep ).folder( true ).build();
  RepositoryFileAcl rootAcl = new RepositoryFileAcl.Builder( root() ).entriesInheriting( false ).ace( everyone(), READ ).build();
  root = new FileRecord( rootFile, rootAcl );
  idManager.register( root );

  RepositoryFile publicFile = new RepositoryFile.Builder( "public" ).path( sep + "public" ).folder( true ).build();
  RepositoryFileAcl publicAcl = new RepositoryFileAcl.Builder( root() ).entriesInheriting( false ).ace( everyone(), READ, WRITE ).build();
  FileRecord publicRecord = new FileRecord( publicFile, publicAcl );
  root.addChild( publicRecord );
  idManager.register( publicRecord );

  RepositoryFile etcFile = new RepositoryFile.Builder( "etc" ).path( sep + "etc" ).folder( true ).build();
  // No explicit entries: etc relies on inheritance from its parent.
  RepositoryFileAcl etcAcl = new RepositoryFileAcl.Builder( root() ).entriesInheriting( true ).build();
  FileRecord etcRecord = new FileRecord( etcFile, etcAcl );
  root.addChild( etcRecord );
  idManager.register( etcRecord );
}
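/**
 * Reads the JCR access control list of the node identified by {@code id} and converts it
 * into a {@link RepositoryFileAcl}, including every non-metadata entry.
 *
 * The owner is modelled as a USER sid (role owners are not detected; only has UI impact).
 * ACL metadata entries are stripped via JcrRepositoryFileAclUtils.removeAclMetadata. The
 * inheritance flag is applied before entries are added; per the Builder javadoc, ace(...)
 * resets it to false, so a node with local entries comes back as non-inheriting.
 *
 * Change from the original: the raw owner string from getOwner(...) is null-checked before
 * it is passed to getPrincipleName(...), matching the equivalent DAO conversion; previously a
 * node without an owner handed null straight to getPrincipleName. The original's behaviour
 * when getPrincipleName itself returns null (owner stays null) is preserved.
 *
 * @param session             JCR session used to resolve the node and its access control
 * @param pentahoJcrConstants constants for this session (accepted for signature parity; not read here)
 * @param id                  identifier of the JCR node
 * @return the converted ACL
 * @throws RepositoryException if no node has the given identifier, or on any JCR failure
 */
public static RepositoryFileAcl getAcl( final Session session, final PentahoJcrConstants pentahoJcrConstants,
    final Serializable id ) throws RepositoryException {
  Node node = session.getNodeByIdentifier( id.toString() );
  if ( node == null ) {
    // Defensive: JCR implementations normally throw on an unknown identifier rather than return null.
    throw new RepositoryException( Messages.getInstance().getString(
        "JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND", id.toString() ) ); //$NON-NLS-1$
  }
  String absPath = node.getPath();
  AccessControlManager acMgr = session.getAccessControlManager();
  AccessControlList acList = getAccessControlList( acMgr, absPath );

  RepositoryFileSid owner = null;
  String rawOwner = getOwner( session, absPath, acList );
  String ownerString = rawOwner == null ? null : JcrTenantUtils.getUserNameUtils().getPrincipleName( rawOwner );
  if ( ownerString != null ) {
    // for now, just assume all owners are users; only has UI impact
    owner = new RepositoryFileSid( ownerString, RepositoryFileSid.Type.USER );
  }

  RepositoryFileAcl.Builder aclBuilder = new RepositoryFileAcl.Builder( id, owner );
  aclBuilder.entriesInheriting( isEntriesInheriting( session, absPath, acList ) );
  List<AccessControlEntry> cleanedAcEntries =
      JcrRepositoryFileAclUtils.removeAclMetadata( Arrays.asList( acList.getAccessControlEntries() ) );
  for ( AccessControlEntry acEntry : cleanedAcEntries ) {
    aclBuilder.ace( toAce( session, acEntry ) );
  }
  return aclBuilder.build();
}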
/**
 * Test fixture: builds a mock repository, the datasource management service/web service and
 * the adapter under test, then seeds "/etc/pdi" (everyone READ+WRITE) and "/etc/pdi/databases".
 *
 * The folders are created while authenticated as the mock root user; afterwards the security
 * context is switched to EXP_LOGIN (no granted authorities) so the tests run as an ordinary
 * user. Finally the Kettle client environment is initialised.
 */
@Override
protected void setUp() throws Exception {
  IUnifiedRepository repository = new MockUnifiedRepository( new MockUnifiedRepository.SpringSecurityCurrentUserProvider() );
  datasourceMgmtService = new JcrBackedDatasourceMgmtService( repository, new DatabaseDialectService() );
  datasourceMgmtWS = new DefaultDatasourceMgmtWebService( datasourceMgmtService );
  adapter = new DatasourceMgmtToWebServiceAdapter( datasourceMgmtWS );

  // Seed the repository as root so the folder creation is not subject to the test user's rights.
  UsernamePasswordAuthenticationToken asRoot = new UsernamePasswordAuthenticationToken(
      MockUnifiedRepository.root().getName(), null, new ArrayList<GrantedAuthority>() );
  SecurityContextHolder.getContext().setAuthentication( asRoot );

  RepositoryFileAcl pdiAcl = new RepositoryFileAcl.Builder( MockUnifiedRepository.root() )
      .ace( MockUnifiedRepository.everyone(), READ, WRITE ).build();
  repository.createFolder( repository.getFile( "/etc" ).getId(),
      new RepositoryFile.Builder( FOLDER_PDI ).folder( true ).build(), pdiAcl, null );
  repository.createFolder( repository.getFile( "/etc/pdi" ).getId(),
      new RepositoryFile.Builder( FOLDER_DATABASES ).folder( true ).build(), null );

  // Run the actual tests as the expected (non-root) login.
  UsernamePasswordAuthenticationToken asTestUser = new UsernamePasswordAuthenticationToken(
      EXP_LOGIN, null, new ArrayList<GrantedAuthority>() );
  SecurityContextHolder.getContext().setAuthentication( asTestUser );

  KettleClientEnvironment.init();
}
/**
 * Determine the correct default acls and return it.
 *
 * When {@code applyAuthRule(repositoryFile)} is false, the superclass default applies. Otherwise
 * a non-inheriting ACL owned by the current session user is built. If {@code authenticatedRoleName}
 * is configured (non-null, non-blank) that role receives RepositoryFilePermission.ALL on the file;
 * if it is not configured the ACL carries no entries at all, so only the owner can reach the file.
 *
 * NOTE(review): granting ALL to the authenticated role means every authenticated user of the
 * tenant gets every permission on files matched by the auth rule (presumably including ACL
 * management, if ALL covers it) -- confirm that is the intended default.
 *
 * @return default acls
 */
@Override
public RepositoryFileAcl createDefaultAcl( RepositoryFile repositoryFile ) {
  if ( !applyAuthRule( repositoryFile ) ) {
    return super.createDefaultAcl( repositoryFile );
  }
  boolean roleConfigured = authenticatedRoleName != null && !authenticatedRoleName.trim().isEmpty();
  RepositoryFileAcl.Builder builder =
      new RepositoryFileAcl.Builder( PentahoSessionHolder.getSession().getName() ).entriesInheriting( false );
  if ( roleConfigured ) {
    // if an auth is defined, create an acl with the ace
    RepositoryFileSid tenantAuthenticatedRoleSid = new RepositoryFileSid( authenticatedRoleName, Type.ROLE );
    builder.ace( tenantAuthenticatedRoleSid, EnumSet.of( RepositoryFilePermission.ALL ) );
  }
  // if the auth name is not specified in the config, the acl is returned without an ace
  return builder.build();
}
} // closing brace of the enclosing class, carried over from the excerpt
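/**
 * Converts a wire-level {@link RepositoryFileAclDto} into a {@link RepositoryFileAcl}.
 *
 * An ownerType of -1 is the DTO's "no owner" sentinel and yields a builder with a null owner.
 * Any other ownerType is an index into RepositoryFileSid.Type.values(); when the DTO has an id
 * it is used as the ACL id, otherwise the tenant path is passed in its place (as the original
 * did -- the Builder accepts any Serializable there). The inheritance flag and every ACE DTO are
 * then copied across.
 *
 * Change from the original: the DTO comes from an external caller, so ownerType is range-checked
 * before indexing. Out-of-range values now fail with an IllegalArgumentException naming the bad
 * value instead of an ArrayIndexOutOfBoundsException from the raw array access.
 *
 * @param v the DTO to convert
 * @return the converted ACL
 * @throws IllegalArgumentException if ownerType is neither -1 nor a valid Type ordinal
 */
@Override
public RepositoryFileAcl unmarshal( final RepositoryFileAclDto v ) {
  RepositoryFileAcl.Builder builder;
  int ownerTypeOrdinal = v.getOwnerType();
  if ( ownerTypeOrdinal != -1 ) {
    RepositoryFileSid.Type[] ownerTypes = RepositoryFileSid.Type.values();
    if ( ownerTypeOrdinal < 0 || ownerTypeOrdinal >= ownerTypes.length ) {
      throw new IllegalArgumentException( "Invalid ownerType " + ownerTypeOrdinal
          + " in RepositoryFileAclDto; expected -1 or 0.." + ( ownerTypes.length - 1 ) );
    }
    RepositoryFileSid.Type ownerType = ownerTypes[ownerTypeOrdinal];
    if ( v.getId() != null ) {
      builder = new RepositoryFileAcl.Builder( v.getId(), v.getOwner(), ownerType );
    } else {
      builder = new RepositoryFileAcl.Builder( v.getTenantPath(), v.getOwner(), ownerType );
    }
  } else {
    builder = new RepositoryFileAcl.Builder( (Serializable) v.getId(), null );
  }
  builder.entriesInheriting( v.isEntriesInheriting() );
  for ( RepositoryFileAclAceDto fileAclAceDto : v.getAces() ) {
    builder.ace( RepositoryFileAclAceAdapter.toAce( fileAclAceDto ) );
  }
  return builder.build();
}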
/**
 * Test fixture: builds a mock repository, the datasource management service/web service and
 * a DatabaseConnectionAdapter, then seeds "/etc/pdi" (everyone READ+WRITE) and "/etc/pdi/databases".
 *
 * The folders are created while authenticated as the mock root user; afterwards the security
 * context is switched to EXP_LOGIN (no granted authorities) so the tests run as an ordinary
 * user. Finally the Kettle client environment is initialised.
 */
public void setUp() throws Exception {
  IUnifiedRepository repository = new MockUnifiedRepository( new MockUnifiedRepository.SpringSecurityCurrentUserProvider() );
  datasourceMgmtService = new JcrBackedDatasourceMgmtService( repository, new DatabaseDialectService() );
  datasourceMgmtWebService = new DefaultDatasourceMgmtWebService( datasourceMgmtService );
  dbConnectionAdapter = new DatabaseConnectionAdapter();

  // Seed the repository as root so the folder creation is not subject to the test user's rights.
  UsernamePasswordAuthenticationToken asRoot = new UsernamePasswordAuthenticationToken(
      MockUnifiedRepository.root().getName(), null, new ArrayList<GrantedAuthority>() );
  SecurityContextHolder.getContext().setAuthentication( asRoot );

  RepositoryFileAcl pdiAcl = new RepositoryFileAcl.Builder( MockUnifiedRepository.root() )
      .ace( MockUnifiedRepository.everyone(), READ, WRITE ).build();
  repository.createFolder( repository.getFile( "/etc" ).getId(),
      new RepositoryFile.Builder( FOLDER_PDI ).folder( true ).build(), pdiAcl, null );
  repository.createFolder( repository.getFile( "/etc/pdi" ).getId(),
      new RepositoryFile.Builder( FOLDER_DATABASES ).folder( true ).build(), null );

  // Run the actual tests as the expected (non-root) login.
  UsernamePasswordAuthenticationToken asTestUser = new UsernamePasswordAuthenticationToken(
      EXP_LOGIN, null, new ArrayList<GrantedAuthority>() );
  SecurityContextHolder.getContext().setAuthentication( asTestUser );

  KettleClientEnvironment.init();
}
/**
 * Creates the tenant's "home" container folder under {@code tenantRootFolder}.
 *
 * The folder is owned by {@code fileOwnerSid}; its ACL grants the tenant admin role ALL and the
 * tenant authenticated role READ. No inheritance flag is set explicitly and, per the Builder
 * javadoc, ace(...) leaves entriesInheriting false. The display title comes from the
 * "RepositoryTenantManager.usersFolderDisplayName" message.
 *
 * @param tenant           tenant whose role ids are resolved via tenantedRoleNameResolver
 * @param tenantRootFolder parent folder
 * @param fileOwnerSid     owner recorded on the new folder's ACL
 * @return the created home folder
 */
private RepositoryFile createHomeFolder( ITenant tenant, RepositoryFile tenantRootFolder, RepositoryFileSid fileOwnerSid ) {
  RepositoryFileSid tenantAdminRoleSid = new RepositoryFileSid(
      tenantedRoleNameResolver.getPrincipleId( tenant, tenantAdminRoleName ), Type.ROLE );
  RepositoryFileSid tenantAuthenticatedRoleSid = new RepositoryFileSid(
      tenantedRoleNameResolver.getPrincipleId( tenant, tenantAuthenticatedRoleName ), Type.ROLE );

  RepositoryFile homeSpec = new RepositoryFile.Builder( ServerRepositoryPaths.getTenantHomeFolderName() )
      .folder( true )
      .title( Messages.getInstance().getString( "RepositoryTenantManager.usersFolderDisplayName" ) )
      .build();
  RepositoryFileAcl homeAcl = new RepositoryFileAcl.Builder( fileOwnerSid )
      .ace( tenantAdminRoleSid, EnumSet.of( RepositoryFilePermission.ALL ) )
      .ace( tenantAuthenticatedRoleSid, EnumSet.of( RepositoryFilePermission.READ ) )
      .build();
  return repositoryFileDao.createFolder( tenantRootFolder.getId(), homeSpec, homeAcl, null );
}
/**
 * Creates the tenant's "public" folder under {@code tenantRootFolder}.
 *
 * The folder is owned by {@code fileOwnerSid}; its ACL grants the tenant admin role ALL and the
 * tenant authenticated role READ. No inheritance flag is set explicitly and, per the Builder
 * javadoc, ace(...) leaves entriesInheriting false. The display title comes from the
 * "RepositoryTenantManager.publicFolderDisplayName" message.
 *
 * @param tenant           tenant whose role ids are resolved via tenantedRoleNameResolver
 * @param tenantRootFolder parent folder
 * @param fileOwnerSid     owner recorded on the new folder's ACL
 * @return the created public folder
 */
private RepositoryFile createPublicFolder( ITenant tenant, RepositoryFile tenantRootFolder, RepositoryFileSid fileOwnerSid ) {
  RepositoryFileSid tenantAdminRoleSid = new RepositoryFileSid(
      tenantedRoleNameResolver.getPrincipleId( tenant, tenantAdminRoleName ), Type.ROLE );
  RepositoryFileSid tenantAuthenticatedRoleSid = new RepositoryFileSid(
      tenantedRoleNameResolver.getPrincipleId( tenant, tenantAuthenticatedRoleName ), Type.ROLE );

  RepositoryFile publicSpec = new RepositoryFile.Builder( ServerRepositoryPaths.getTenantPublicFolderName() )
      .folder( true )
      .title( Messages.getInstance().getString( "RepositoryTenantManager.publicFolderDisplayName" ) )
      .build();
  RepositoryFileAcl publicAcl = new RepositoryFileAcl.Builder( fileOwnerSid )
      .ace( tenantAdminRoleSid, EnumSet.of( RepositoryFilePermission.ALL ) )
      .ace( tenantAuthenticatedRoleSid, EnumSet.of( RepositoryFilePermission.READ ) )
      .build();
  return repositoryFileDao.createFolder( tenantRootFolder.getId(), publicSpec, publicAcl, null );
}
/**
 * Adds an entry granting {@code recipient} the given set of permissions.
 *
 * Entries inheriting is set to false when this method is called (presumably inside the
 * {@code ace(RepositoryFileAce)} overload this delegates to).
 *
 * @param recipient   the user or role sid receiving the permissions
 * @param permissions the permissions to grant; passed through as given
 * @return this builder, for chaining
 */
public Builder ace( final RepositoryFileSid recipient, final EnumSet<RepositoryFilePermission> permissions ) {
  RepositoryFileAce entry = new RepositoryFileAce( recipient, permissions );
  return ace( entry );
}
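/**
 * Appends an ACE granting {@code permission} to {@code recipient} on the node identified by
 * {@code id}, reading the current ACL and writing the updated one through this session.
 *
 * Recipients are tenant-qualified before being stored. Fix over the original: the original
 * ran every recipient through getUserNameUtils()/getTenantedUser regardless of its type, so an
 * un-tenanted ROLE recipient was rewritten as a tenanted *user* name and the ACE ended up on the
 * wrong (or a non-existent) principal. Roles are now checked with getRoleNameUtils() and
 * qualified with getTenantedRole, mirroring JcrRepositoryFileDao.addAce. Names that already
 * carry a tenant are stored unchanged.
 *
 * @param session             JCR session used to read and write the ACL
 * @param pentahoJcrConstants constants for this session, passed to getAcl
 * @param id                  identifier of the JCR node
 * @param recipient           user or role to grant permissions to
 * @param permission          permissions to grant
 * @throws RepositoryException on any JCR failure while reading or writing the ACL
 */
public static void addAce( final Session session, final PentahoJcrConstants pentahoJcrConstants,
    final Serializable id, final RepositoryFileSid recipient,
    final EnumSet<RepositoryFilePermission> permission ) throws RepositoryException {
  RepositoryFileSid newRecipient = recipient;
  if ( recipient.getType().equals( RepositoryFileSid.Type.USER ) ) {
    if ( JcrTenantUtils.getUserNameUtils().getTenant( recipient.getName() ) == null ) {
      newRecipient = new RepositoryFileSid( JcrTenantUtils.getTenantedUser( recipient.getName() ), recipient.getType() );
    }
  } else {
    // Roles have their own name utils and tenant-qualification rules.
    if ( JcrTenantUtils.getRoleNameUtils().getTenant( recipient.getName() ) == null ) {
      newRecipient = new RepositoryFileSid( JcrTenantUtils.getTenantedRole( recipient.getName() ), recipient.getType() );
    }
  }
  RepositoryFileAcl acl = getAcl( session, pentahoJcrConstants, id );
  RepositoryFileAcl updatedAcl = new RepositoryFileAcl.Builder( acl ).ace( newRecipient, permission ).build();
  updateAcl( session, updatedAcl );
}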
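/**
 * Copy constructor: starts a builder with the same id, owner, entries and inheritance flag
 * as {@code other}.
 *
 * Fix over the original: the inheritance flag is now applied AFTER the entries are copied.
 * Per its javadoc, ace(...) resets entriesInheriting to false, so the original order
 * (flag first, then entries) turned a copy of an inheriting ACL that also carried entries
 * into a non-inheriting one. Applying the flag last makes the copy faithful in every case
 * and is a no-op difference for ACLs without entries.
 *
 * @param other the ACL to copy; must be non-null
 */
public Builder( final RepositoryFileAcl other ) {
  this( other.id, other.owner );
  for ( RepositoryFileAce ace : other.aces ) {
    this.ace( ace );
  }
  this.entriesInheriting( other.entriesInheriting );
}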
/**
 * Adds an entry for the principal {@code name} of the given {@code type}, granting the given
 * set of permissions.
 *
 * Entries inheriting is set to false when this method is called (presumably inside the
 * {@code ace(RepositoryFileAce)} overload this delegates to).
 *
 * @param name        principal name of the recipient
 * @param type        whether {@code name} is a USER or a ROLE
 * @param permissions the permissions to grant; passed through as given
 * @return this builder, for chaining
 */
public Builder ace( final String name, final RepositoryFileSid.Type type,
    final EnumSet<RepositoryFilePermission> permissions ) {
  RepositoryFileSid recipient = new RepositoryFileSid( name, type );
  return ace( new RepositoryFileAce( recipient, permissions ) );
}