/**
 * Replaces the ACL stored for {@code fileId} with the settings carried by {@code objectAcl}.
 *
 * <p>The stored ACL is loaded, its ACEs are cleared and the inheritance flag is taken from
 * {@code objectAcl}. Explicit ACEs are copied over only when inheritance is switched off; with
 * inheritance on, the ACL is written back without any explicit entries.
 *
 * @param fileId identifier of the repository object whose ACL is replaced
 * @param objectAcl requested inheritance flag and access control entries
 * @throws KettleException wrapping any exception raised while reading or writing the ACL
 */
@Override
public void setAcl( ObjectId fileId, ObjectAcl objectAcl ) throws KettleException {
  try {
    RepositoryFileAcl storedAcl = pur.getAcl( fileId.getId() );
    RepositoryFileAcl.Builder builder = new RepositoryFileAcl.Builder( storedAcl );
    final boolean inheriting = objectAcl.isEntriesInheriting();
    builder = builder.entriesInheriting( inheriting ).clearAces();

    if ( !inheriting ) {
      for ( ObjectAce requestedAce : objectAcl.getAces() ) {
        ObjectRecipient recipient = requestedAce.getRecipient();
        // Only ROLE recipients carry an explicit SID type; every other recipient uses the
        // single-argument RepositoryFileSid constructor.
        RepositoryFileSid sid = recipient.getType().equals( Type.ROLE )
            ? new RepositoryFileSid( recipient.getName(), RepositoryFileSid.Type.ROLE )
            : new RepositoryFileSid( recipient.getName() );

        // A null permission set becomes an ACE that grants nothing.
        EnumSet<RepositoryFilePermission> granted = EnumSet.noneOf( RepositoryFilePermission.class );
        EnumSet<RepositoryFilePermission> requested = requestedAce.getPermissions();
        if ( requested != null ) {
          granted.addAll( requested );
        }
        builder.ace( sid, granted );
      }
    }
    pur.updateAcl( builder.build() );
  } catch ( Exception drfe ) {
    // Typically the user does not have rights to view or set the acl information, but every
    // failure ends up here; the original exception is kept as the cause.
    throw new KettleException( drfe );
  }
}
/**
 * Reads the JCR access control list of the node identified by {@code id} and converts it into a
 * {@link RepositoryFileAcl}.
 *
 * @param session JCR session used for the node lookup and the access control manager
 * @param pentahoJcrConstants not read by this method
 * @param id identifier of the node; its {@code toString()} form is used for the lookup
 * @return ACL with owner (when one resolves), inheritance flag and the ACEs that remain after
 *         ACL metadata entries are removed
 * @throws RepositoryException if the lookup yields no node or a JCR call fails
 */
public static RepositoryFileAcl getAcl( final Session session, final PentahoJcrConstants pentahoJcrConstants,
    final Serializable id ) throws RepositoryException {
  final String nodeId = id.toString();
  Node node = session.getNodeByIdentifier( nodeId );
  if ( node == null ) {
    throw new RepositoryException( Messages.getInstance().getString(
        "JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND", nodeId ) ); //$NON-NLS-1$
  }

  final String nodePath = node.getPath();
  final AccessControlManager accessControlManager = session.getAccessControlManager();
  final AccessControlList jcrAcl = getAccessControlList( accessControlManager, nodePath );

  final String ownerName =
      JcrTenantUtils.getUserNameUtils().getPrincipleName( getOwner( session, nodePath, jcrAcl ) );
  // for now, just assume all owners are users; only has UI impact
  final RepositoryFileSid ownerSid =
      ownerName == null ? null : new RepositoryFileSid( ownerName, RepositoryFileSid.Type.USER );

  RepositoryFileAcl.Builder result = new RepositoryFileAcl.Builder( id, ownerSid );
  result.entriesInheriting( isEntriesInheriting( session, nodePath, jcrAcl ) );

  // Entries that only carry ACL metadata are dropped before conversion.
  List<AccessControlEntry> visibleEntries =
      JcrRepositoryFileAclUtils.removeAclMetadata( Arrays.asList( jcrAcl.getAccessControlEntries() ) );
  for ( AccessControlEntry entry : visibleEntries ) {
    result.ace( toAce( session, entry ) );
  }
  return result.build();
}
/**
 * Determine the correct default ACL and return it.
 *
 * <p>Files rejected by {@code applyAuthRule} get the superclass default. Files accepted by it
 * get a non-inheriting ACL owned by the current session user; when {@code authenticatedRoleName}
 * is configured, that role is additionally granted {@link RepositoryFilePermission#ALL}.
 *
 * @param repositoryFile file the default ACL is created for
 * @return default ACL
 */
@Override
public RepositoryFileAcl createDefaultAcl( RepositoryFile repositoryFile ) {
  if ( !applyAuthRule( repositoryFile ) ) {
    return super.createDefaultAcl( repositoryFile );
  }

  final boolean roleConfigured = authenticatedRoleName != null && authenticatedRoleName.trim().length() != 0;
  if ( !roleConfigured ) {
    // if the auth name is not specified in the config, create an acl without an ace
    return new RepositoryFileAcl.Builder( PentahoSessionHolder.getSession().getName() )
        .entriesInheriting( false ).build();
  }

  // if an auth is defined, create an acl with the ace. Note that the ACE grants ALL, so every
  // holder of the configured role gets full access to files matched by the rule.
  RepositoryFileSid roleSid = new RepositoryFileSid( authenticatedRoleName, Type.ROLE );
  RepositoryFileAcl.Builder builder =
      new RepositoryFileAcl.Builder( PentahoSessionHolder.getSession().getName() ).entriesInheriting( false );
  return builder.ace( roleSid, EnumSet.of( RepositoryFilePermission.ALL ) ).build();
}
}
/**
 * Creates the tenant's etc folder together with its fixed sub-folders.
 *
 * <p>The etc folder inherits entries and additionally grants READ to the tenant's authenticated
 * role and ALL to the tenant's admin role. Below it, {@code pdi} (with {@code databases},
 * {@code slaveServers}, {@code clusterSchemas}, {@code partitionSchemas}) and {@code metastore}
 * are created with inheriting ACLs that carry no explicit ACEs.
 *
 * @param tenant tenant whose role names are resolved
 * @param tenantRootFolder parent of the new etc folder
 * @param fileOwnerSid owner recorded on every created folder
 * @return the created etc folder
 */
private RepositoryFile createEtcFolder( ITenant tenant, RepositoryFile tenantRootFolder,
    RepositoryFileSid fileOwnerSid ) {
  RepositoryFileSid authenticatedSid = new RepositoryFileSid(
      tenantedRoleNameResolver.getPrincipleId( tenant, tenantAuthenticatedRoleName ), Type.ROLE );
  RepositoryFileSid adminSid = new RepositoryFileSid(
      tenantedRoleNameResolver.getPrincipleId( tenant, tenantAdminRoleName ), Type.ROLE );

  RepositoryFile etcFolder = repositoryFileDao.createFolder(
      tenantRootFolder.getId(),
      new RepositoryFile.Builder( ServerRepositoryPaths.getTenantEtcFolderName() ).folder( true ).build(),
      new RepositoryFileAcl.Builder( fileOwnerSid )
          .entriesInheriting( true )
          .ace( authenticatedSid, EnumSet.of( RepositoryFilePermission.READ ) )
          .ace( adminSid, EnumSet.of( RepositoryFilePermission.ALL ) )
          .build(),
      null );

  RepositoryFile pdiFolder = repositoryFileDao.createFolder(
      etcFolder.getId(),
      new RepositoryFile.Builder( "pdi" ).folder( true ).build(),
      new RepositoryFileAcl.Builder( fileOwnerSid ).entriesInheriting( true ).build(),
      null );

  // The pdi children differ only by name; each one gets its own freshly built inheriting ACL.
  for ( String childName : new String[] { "databases", "slaveServers", "clusterSchemas", "partitionSchemas" } ) {
    repositoryFileDao.createFolder(
        pdiFolder.getId(),
        new RepositoryFile.Builder( childName ).folder( true ).build(),
        new RepositoryFileAcl.Builder( fileOwnerSid ).entriesInheriting( true ).build(),
        null );
  }

  repositoryFileDao.createFolder(
      etcFolder.getId(),
      new RepositoryFile.Builder( "metastore" ).folder( true ).build(),
      new RepositoryFileAcl.Builder( fileOwnerSid ).entriesInheriting( true ).build(),
      null );

  return etcFolder;
}
/**
 * Seeds the repository with its root folder and the {@code /public} and {@code /etc} folders.
 *
 * <p>All three are owned by {@code root()}. The root folder grants READ to {@code everyone()},
 * {@code /public} grants READ and WRITE to {@code everyone()}, and {@code /etc} has no explicit
 * ACEs and inherits its entries.
 */
protected void init() {
  final String sep = RepositoryFile.SEPARATOR;

  RepositoryFile rootFile = new RepositoryFile.Builder( "" ).path( sep ).folder( true ).build();
  RepositoryFileAcl rootAcl =
      new RepositoryFileAcl.Builder( root() ).entriesInheriting( false ).ace( everyone(), READ ).build();
  root = new FileRecord( rootFile, rootAcl );
  idManager.register( root );

  // World-writable by design: everyone() receives READ and WRITE on /public.
  RepositoryFile publicFile = new RepositoryFile.Builder( "public" ).path( sep + "public" ).folder( true ).build();
  RepositoryFileAcl publicAcl =
      new RepositoryFileAcl.Builder( root() ).entriesInheriting( false ).ace( everyone(), READ, WRITE ).build();
  FileRecord publicRecord = new FileRecord( publicFile, publicAcl );
  root.addChild( publicRecord );
  idManager.register( publicRecord );

  RepositoryFile etcFile = new RepositoryFile.Builder( "etc" ).path( sep + "etc" ).folder( true ).build();
  RepositoryFileAcl etcAcl = new RepositoryFileAcl.Builder( root() ).entriesInheriting( true ).build();
  FileRecord etcRecord = new FileRecord( etcFile, etcAcl );
  root.addChild( etcRecord );
  idManager.register( etcRecord );
}
/**
 * Creates a folder node below {@code parentFolder}, attaches an ACL to it and returns the stored
 * folder.
 *
 * <p>The session is saved twice: once after the node is created and once after the ACL is
 * created. Between those two saves the node is persisted without the ACL built here.
 *
 * @param session JCR session all work is done in
 * @param sessionFactory not read by this method
 * @param parentFolder parent folder; {@code null} leads to a {@code null} parent id
 * @param folder description of the folder to create
 * @param inheritAces whether the new ACL inherits entries
 * @param ownerSid owner recorded in the new ACL
 * @param pathConversionHelper passed through to the final file lookup
 * @param versionMessage check-in comment used when {@code folder} is versioned
 * @return the folder as read back from the repository
 * @throws RepositoryException if any JCR operation fails
 */
public static RepositoryFile createFolder( final Session session,
    final CredentialsStrategySessionFactory sessionFactory, final RepositoryFile parentFolder,
    final RepositoryFile folder, final boolean inheritAces, final RepositoryFileSid ownerSid,
    final IPathConversionHelper pathConversionHelper, final String versionMessage ) throws RepositoryException {
  final Serializable parentId;
  if ( parentFolder == null ) {
    parentId = null;
  } else {
    parentId = parentFolder.getId();
  }
  final PentahoJcrConstants constants = new PentahoJcrConstants( session );

  JcrRepositoryFileUtils.checkoutNearestVersionableFileIfNecessary( session, constants, parentId );
  final Node createdNode = createFolderNode( session, constants, parentId, folder );
  session.save();

  // The ACL carries only the owner and the inheritance flag; no explicit ACEs are added here.
  final RepositoryFileAcl folderAcl = new RepositoryFileAcl.Builder( ownerSid ).entriesInheriting( inheritAces ).build();
  JcrRepositoryFileAclUtils.createAcl( session, constants, createdNode.getIdentifier(), folderAcl );
  session.save();

  if ( folder.isVersioned() ) {
    JcrRepositoryFileUtils.checkinNearestVersionableNodeIfNecessary( session, constants, createdNode,
        versionMessage );
  }

  final String parentLabel = parentFolderLabel( parentId );
  JcrRepositoryFileUtils.checkinNearestVersionableFileIfNecessary( session, constants, parentId,
      Messages.getInstance().getString( "JcrRepositoryFileDao.USER_0001_VER_COMMENT_ADD_FOLDER", //$NON-NLS-1$
          folder.getName(), parentLabel ) );

  return JcrRepositoryFileUtils.getFileById( session, constants, pathConversionHelper, null,
      createdNode.getIdentifier() );
}

/** Returns the text used for the parent in the check-in comment: its id, or "root" when absent. */
private static String parentFolderLabel( final Serializable parentId ) {
  return parentId == null ? "root" : parentId.toString(); //$NON-NLS-1$
}
/**
 * Builds the mock repository, the datasource services and the adapter under test, then prepares
 * the {@code /etc/pdi} folder tree.
 *
 * <p>The folders are created while the security context holds the mock root user; afterwards
 * the context is switched to {@code EXP_LOGIN}. Both tokens carry {@code null} credentials and
 * an empty authority list.
 *
 * @throws Exception if any part of the fixture cannot be created
 */
@Override
protected void setUp() throws Exception {
  IUnifiedRepository repository =
      new MockUnifiedRepository( new MockUnifiedRepository.SpringSecurityCurrentUserProvider() );
  datasourceMgmtService = new JcrBackedDatasourceMgmtService( repository, new DatabaseDialectService() );
  datasourceMgmtWS = new DefaultDatasourceMgmtWebService( datasourceMgmtService );
  adapter = new DatasourceMgmtToWebServiceAdapter( datasourceMgmtWS );

  // Act as the mock root user while the fixture folders are created.
  UsernamePasswordAuthenticationToken rootToken = new UsernamePasswordAuthenticationToken(
      MockUnifiedRepository.root().getName(), null, new ArrayList<GrantedAuthority>() );
  SecurityContextHolder.getContext().setAuthentication( rootToken );

  // The pdi folder is readable and writable by everyone so the test user can work in it.
  RepositoryFile pdiFolder = new RepositoryFile.Builder( FOLDER_PDI ).folder( true ).build();
  RepositoryFileAcl pdiAcl = new RepositoryFileAcl.Builder( MockUnifiedRepository.root() )
      .ace( MockUnifiedRepository.everyone(), READ, WRITE ).build();
  repository.createFolder( repository.getFile( "/etc" ).getId(), pdiFolder, pdiAcl, null );

  RepositoryFile databasesFolder = new RepositoryFile.Builder( FOLDER_DATABASES ).folder( true ).build();
  repository.createFolder( repository.getFile( "/etc/pdi" ).getId(), databasesFolder, null );

  // From here on the code under test runs as EXP_LOGIN.
  UsernamePasswordAuthenticationToken userToken =
      new UsernamePasswordAuthenticationToken( EXP_LOGIN, null, new ArrayList<GrantedAuthority>() );
  SecurityContextHolder.getContext().setAuthentication( userToken );

  KettleClientEnvironment.init();
}
/**
 * Creates an unversioned folder below {@code parentFolderId}.
 *
 * <p>The caller needs WRITE access on the parent folder. The ACL that is stored is a copy of
 * {@code acl} made through {@link RepositoryFileAcl.Builder}.
 *
 * @param parentFolderId id of the folder that receives the new child
 * @param file folder description; must be a folder and must not be versioned
 * @param acl ACL to copy onto the new folder
 * @param versionMessage not read by this method
 * @return the stored folder
 * @throws AccessDeniedException if the caller lacks WRITE on the parent folder
 */
@Override
public RepositoryFile createFolder( final Serializable parentFolderId, final RepositoryFile file,
    final RepositoryFileAcl acl, final String versionMessage ) {
  Validate.isTrue( file.isFolder() );
  Validate.isTrue( !file.isVersioned() );

  final boolean mayWrite = hasAccess( parentFolderId, EnumSet.of( WRITE ) );
  if ( !mayWrite ) {
    throw new AccessDeniedException( "access denied" );
  }

  FileRecord parent = idManager.getFileById( parentFolderId );

  // Insert a separator only when the parent path does not already end with one (the root case).
  String glue;
  if ( parent.getPath().endsWith( RepositoryFile.SEPARATOR ) ) {
    glue = "";
  } else {
    glue = RepositoryFile.SEPARATOR;
  }
  String childPath = parent.getPath() + glue + file.getName();

  RepositoryFile storedFile = new RepositoryFile.Builder( file )
      .path( childPath )
      .title( findTitle( file ) )
      .description( findDesc( file ) )
      .build();
  RepositoryFileAcl storedAcl = new RepositoryFileAcl.Builder( acl ).build();

  FileRecord created = new FileRecord( storedFile, null, storedAcl, new HashMap<String, Serializable>() );
  idManager.register( created );
  parent.addChild( created );
  return created.getFile();
}
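/**
 * Creates a file below {@code parentFolderId}.
 *
 * <p>The caller needs WRITE access on the parent folder. The ACL that is stored is a copy of
 * {@code acl} made through {@link RepositoryFileAcl.Builder}. When {@code file} is versioned, a
 * first version is recorded for the current user.
 *
 * @param parentFolderId id of the folder that receives the new child
 * @param file file description; must not be a folder
 * @param data content stored with the file
 * @param acl ACL to copy onto the new file
 * @param versionMessage comment stored with the first version of a versioned file
 * @return the stored file
 * @throws AccessDeniedException if the caller lacks WRITE on the parent folder
 */
@Override
public RepositoryFile createFile( final Serializable parentFolderId, final RepositoryFile file,
    final IRepositoryFileData data, final RepositoryFileAcl acl, final String versionMessage ) {
  Validate.isTrue( !file.isFolder() );
  if ( !hasAccess( parentFolderId, EnumSet.of( WRITE ) ) ) {
    throw new AccessDeniedException( "access denied" );
  }
  FileRecord parentFolder = idManager.getFileById( parentFolderId );

  // Join the same way createFolder does: a parent path that already ends with the separator
  // (the root folder) must not get a second one, otherwise the stored path would start with a
  // doubled separator and differ from the path a path-based lookup uses.
  String parentPath = parentFolder.getPath();
  String filePath = parentPath
      + ( parentPath.endsWith( RepositoryFile.SEPARATOR ) ? "" : RepositoryFile.SEPARATOR )
      + file.getName();

  RepositoryFile fileFromRepo = new RepositoryFile.Builder( file )
      .path( filePath )
      .title( findTitle( file ) )
      .description( findDesc( file ) )
      .build();
  RepositoryFileAcl aclFromRepo = new RepositoryFileAcl.Builder( acl ).build();
  FileRecord fileRecord = new FileRecord( fileFromRepo, data, aclFromRepo, new HashMap<String, Serializable>() );

  // Registration assigns the id that versioning below relies on.
  idManager.register( fileRecord );
  process( fileRecord, null );
  parentFolder.addChild( fileRecord );

  if ( file.isVersioned() ) {
    versionManager.createVersion( fileRecord.getFile().getId(), currentUserProvider.getUser(), versionMessage,
        new Date() );
  }
  return fileRecord.getFile();
}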
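/**
 * Converts an ACL DTO into a {@link RepositoryFileAcl}.
 *
 * <p>An owner type of {@code -1} means the DTO carries no owner. Any other value is treated as
 * an ordinal of {@link RepositoryFileSid.Type} and is range-checked before use, because the DTO
 * is externally supplied data and an unchecked ordinal would otherwise surface as an
 * {@code ArrayIndexOutOfBoundsException}.
 *
 * @param v DTO to convert
 * @return ACL with the DTO's owner, inheritance flag and ACEs
 * @throws IllegalArgumentException if the owner type is neither {@code -1} nor a valid ordinal
 */
@Override
public RepositoryFileAcl unmarshal( final RepositoryFileAclDto v ) {
  final RepositoryFileAcl.Builder builder;
  final int ownerTypeOrdinal = v.getOwnerType();

  if ( ownerTypeOrdinal != -1 ) {
    final RepositoryFileSid.Type[] sidTypes = RepositoryFileSid.Type.values();
    if ( ownerTypeOrdinal < 0 || ownerTypeOrdinal >= sidTypes.length ) {
      throw new IllegalArgumentException( "Invalid ACL owner type: " + ownerTypeOrdinal );
    }
    final RepositoryFileSid.Type ownerType = sidTypes[ownerTypeOrdinal];
    if ( v.getId() != null ) {
      builder = new RepositoryFileAcl.Builder( v.getId(), v.getOwner(), ownerType );
    } else {
      // Without an id the ACL is addressed by the tenant path instead.
      builder = new RepositoryFileAcl.Builder( v.getTenantPath(), v.getOwner(), ownerType );
    }
  } else {
    builder = new RepositoryFileAcl.Builder( (Serializable) v.getId(), null );
  }

  builder.entriesInheriting( v.isEntriesInheriting() );

  // A DTO without an ACE list yields an ACL without explicit entries instead of a
  // NullPointerException.
  if ( v.getAces() != null ) {
    for ( RepositoryFileAclAceDto fileAclAceDto : v.getAces() ) {
      builder.ace( RepositoryFileAclAceAdapter.toAce( fileAclAceDto ) );
    }
  }
  return builder.build();
}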
/**
 * Builds the mock repository, the datasource services and the connection adapter, then prepares
 * the {@code /etc/pdi} folder tree.
 *
 * <p>The folders are created while the security context holds the mock root user; afterwards
 * the context is switched to {@code EXP_LOGIN}. Both tokens carry {@code null} credentials and
 * an empty authority list.
 *
 * @throws Exception if any part of the fixture cannot be created
 */
public void setUp() throws Exception {
  IUnifiedRepository repository =
      new MockUnifiedRepository( new MockUnifiedRepository.SpringSecurityCurrentUserProvider() );
  datasourceMgmtService = new JcrBackedDatasourceMgmtService( repository, new DatabaseDialectService() );
  datasourceMgmtWebService = new DefaultDatasourceMgmtWebService( datasourceMgmtService );
  dbConnectionAdapter = new DatabaseConnectionAdapter();

  // Act as the mock root user while the fixture folders are created.
  UsernamePasswordAuthenticationToken rootToken = new UsernamePasswordAuthenticationToken(
      MockUnifiedRepository.root().getName(), null, new ArrayList<GrantedAuthority>() );
  SecurityContextHolder.getContext().setAuthentication( rootToken );

  // The pdi folder is readable and writable by everyone so the test user can work in it.
  RepositoryFile pdiFolder = new RepositoryFile.Builder( FOLDER_PDI ).folder( true ).build();
  RepositoryFileAcl pdiAcl = new RepositoryFileAcl.Builder( MockUnifiedRepository.root() )
      .ace( MockUnifiedRepository.everyone(), READ, WRITE ).build();
  repository.createFolder( repository.getFile( "/etc" ).getId(), pdiFolder, pdiAcl, null );

  RepositoryFile databasesFolder = new RepositoryFile.Builder( FOLDER_DATABASES ).folder( true ).build();
  repository.createFolder( repository.getFile( "/etc/pdi" ).getId(), databasesFolder, null );

  // From here on the code under test runs as EXP_LOGIN.
  UsernamePasswordAuthenticationToken userToken =
      new UsernamePasswordAuthenticationToken( EXP_LOGIN, null, new ArrayList<GrantedAuthority>() );
  SecurityContextHolder.getContext().setAuthentication( userToken );

  KettleClientEnvironment.init();
}
/**
 * Creates the tenant's home folder below the tenant root.
 *
 * <p>The folder grants ALL to the tenant's admin role and READ to the tenant's authenticated
 * role. The inheritance flag is not set here, so the builder's default applies.
 *
 * @param tenant tenant whose role names are resolved
 * @param tenantRootFolder parent of the new folder
 * @param fileOwnerSid owner recorded in the folder's ACL
 * @return the created home folder
 */
private RepositoryFile createHomeFolder( ITenant tenant, RepositoryFile tenantRootFolder,
    RepositoryFileSid fileOwnerSid ) {
  RepositoryFileSid adminSid = new RepositoryFileSid(
      tenantedRoleNameResolver.getPrincipleId( tenant, tenantAdminRoleName ), Type.ROLE );
  RepositoryFileSid authenticatedSid = new RepositoryFileSid(
      tenantedRoleNameResolver.getPrincipleId( tenant, tenantAuthenticatedRoleName ), Type.ROLE );

  return repositoryFileDao.createFolder(
      tenantRootFolder.getId(),
      new RepositoryFile.Builder( ServerRepositoryPaths.getTenantHomeFolderName() )
          .folder( true )
          .title( Messages.getInstance().getString( "RepositoryTenantManager.usersFolderDisplayName" ) )
          .build(),
      new RepositoryFileAcl.Builder( fileOwnerSid )
          .ace( adminSid, EnumSet.of( RepositoryFilePermission.ALL ) )
          .ace( authenticatedSid, EnumSet.of( RepositoryFilePermission.READ ) )
          .build(),
      null );
}
/**
 * Creates the tenant's public folder below the tenant root.
 *
 * <p>The folder grants ALL to the tenant's admin role and READ to the tenant's authenticated
 * role. The inheritance flag is not set here, so the builder's default applies.
 *
 * @param tenant tenant whose role names are resolved
 * @param tenantRootFolder parent of the new folder
 * @param fileOwnerSid owner recorded in the folder's ACL
 * @return the created public folder
 */
private RepositoryFile createPublicFolder( ITenant tenant, RepositoryFile tenantRootFolder,
    RepositoryFileSid fileOwnerSid ) {
  RepositoryFileSid adminSid = new RepositoryFileSid(
      tenantedRoleNameResolver.getPrincipleId( tenant, tenantAdminRoleName ), Type.ROLE );
  RepositoryFileSid authenticatedSid = new RepositoryFileSid(
      tenantedRoleNameResolver.getPrincipleId( tenant, tenantAuthenticatedRoleName ), Type.ROLE );

  return repositoryFileDao.createFolder(
      tenantRootFolder.getId(),
      new RepositoryFile.Builder( ServerRepositoryPaths.getTenantPublicFolderName() )
          .folder( true )
          .title( Messages.getInstance().getString( "RepositoryTenantManager.publicFolderDisplayName" ) )
          .build(),
      new RepositoryFileAcl.Builder( fileOwnerSid )
          .ace( adminSid, EnumSet.of( RepositoryFilePermission.ALL ) )
          .ace( authenticatedSid, EnumSet.of( RepositoryFilePermission.READ ) )
          .build(),
      null );
}
/**
 * Builds an ACL that has an owner and an inheritance flag but no explicit ACEs.
 *
 * @param inheritAces whether the ACL inherits entries
 * @param ownerSid owner recorded in the ACL
 * @return the built ACL
 */
protected RepositoryFileAcl makeAcl( final boolean inheritAces, final RepositoryFileSid ownerSid ) {
  RepositoryFileAcl.Builder ownerOnly = new RepositoryFileAcl.Builder( ownerSid );
  return ownerOnly.entriesInheriting( inheritAces ).build();
}
}
/**
 * Creates the tenant's public and etc folders below the tenant root.
 *
 * <p>Both ACLs are built from the owner alone: no explicit ACEs are added and the inheritance
 * flag is left at the builder's default. {@code session} and {@code authenticatedRoleSid} are
 * not read by this method.
 *
 * @param session not read by this method
 * @param tenantRootFolder parent of the created folders
 * @param fileOwnerSid owner recorded in both ACLs
 * @param authenticatedRoleSid not read by this method
 * @throws RepositoryException declared by the signature
 */
protected void createInitialTenantFolders( Session session, final RepositoryFile tenantRootFolder,
    final RepositoryFileSid fileOwnerSid, final RepositoryFileSid authenticatedRoleSid )
  throws RepositoryException {
  // The home folder is not created here: we create a tenant's home folder while creating a user.
  RepositoryFile publicFolder =
      new RepositoryFile.Builder( ServerRepositoryPaths.getTenantPublicFolderName() ).folder( true ).build();
  repositoryFileDao.createFolder( tenantRootFolder.getId(), publicFolder,
      new RepositoryFileAcl.Builder( fileOwnerSid ).build(), null );

  RepositoryFile etcFolder =
      new RepositoryFile.Builder( ServerRepositoryPaths.getTenantEtcFolderName() ).folder( true ).build();
  repositoryFileDao.createFolder( tenantRootFolder.getId(), etcFolder,
      new RepositoryFileAcl.Builder( fileOwnerSid ).build(), null );
}
/**
 * Creates the default ACL: owned by the current session user, inheriting entries, with no
 * explicit ACEs.
 *
 * @param repositoryFile not read by this method
 * @return the default ACL
 */
@Override
public RepositoryFileAcl createDefaultAcl( RepositoryFile repositoryFile ) {
  final String currentUserName = PentahoSessionHolder.getSession().getName();
  RepositoryFileAcl.Builder builder = new RepositoryFileAcl.Builder( currentUserName );
  return builder.entriesInheriting( true ).build();
}
}
/**
 * Adds one ACE to the ACL of the node {@code id} and writes the ACL back.
 *
 * <p>A recipient name for which no tenant resolves is first converted with
 * {@code JcrTenantUtils.getTenantedUser}; the recipient's type is kept. No permission check on
 * the caller is made in this method.
 *
 * @param session JCR session used to read and update the ACL
 * @param pentahoJcrConstants passed through to the ACL lookup
 * @param id identifier of the node whose ACL is changed
 * @param recipient user or role that receives the permissions
 * @param permission permissions granted by the new ACE
 * @throws RepositoryException if reading or updating the ACL fails
 */
public static void addAce( final Session session, final PentahoJcrConstants pentahoJcrConstants,
    final Serializable id, final RepositoryFileSid recipient, final EnumSet<RepositoryFilePermission> permission )
  throws RepositoryException {
  final boolean hasTenant = JcrTenantUtils.getUserNameUtils().getTenant( recipient.getName() ) != null;
  final RepositoryFileSid effectiveRecipient;
  if ( hasTenant ) {
    effectiveRecipient = recipient;
  } else {
    effectiveRecipient =
        new RepositoryFileSid( JcrTenantUtils.getTenantedUser( recipient.getName() ), recipient.getType() );
  }

  final RepositoryFileAcl current = getAcl( session, pentahoJcrConstants, id );
  updateAcl( session, new RepositoryFileAcl.Builder( current ).ace( effectiveRecipient, permission ).build() );
}
/**
 * Assigns a fresh random UUID to {@code fileRecord} and indexes the record under it.
 *
 * <p>The record's file and ACL are both rebuilt with the new id, so the two always carry the
 * same identifier.
 *
 * @param fileRecord record to register; its file and ACL are replaced
 */
public void register( final FileRecord fileRecord ) {
  final Serializable newId = UUID.randomUUID().toString();

  RepositoryFile fileWithId = new RepositoryFile.Builder( fileRecord.getFile() ).id( newId ).build();
  fileRecord.setFile( fileWithId );

  RepositoryFileAcl aclWithId = new RepositoryFileAcl.Builder( fileRecord.getAcl() ).id( newId ).build();
  fileRecord.setAcl( aclWithId );

  idMap.put( newId, fileRecord );
}
/**
 * Replaces the owner in the ACL of {@code file} and writes the ACL back.
 *
 * <p>An owner name for which no tenant resolves is first converted with
 * {@code JcrTenantUtils.getTenantedUser}; the owner's type is kept. No permission check on the
 * caller is made in this method.
 *
 * @param session JCR session used to read and update the ACL
 * @param pentahoJcrConstants passed through to the ACL lookup
 * @param file file whose owner is changed
 * @param owner new owner
 * @throws RepositoryException if reading or updating the ACL fails
 */
public static void setOwner( final Session session, final PentahoJcrConstants pentahoJcrConstants,
    final RepositoryFile file, final RepositoryFileSid owner ) throws RepositoryException {
  final boolean hasTenant = JcrTenantUtils.getUserNameUtils().getTenant( owner.getName() ) != null;
  final RepositoryFileSid effectiveOwner;
  if ( hasTenant ) {
    effectiveOwner = owner;
  } else {
    effectiveOwner = new RepositoryFileSid( JcrTenantUtils.getTenantedUser( owner.getName() ), owner.getType() );
  }

  final RepositoryFileAcl current = getAcl( session, pentahoJcrConstants, file.getId() );
  updateAcl( session, new RepositoryFileAcl.Builder( current ).owner( effectiveOwner ).build() );
}
/**
 * Creates an inheriting ACL without explicit ACEs, owned by the current user.
 *
 * <p>The owner id is resolved against a tenant that is hard-coded to {@code "/pentaho"}.
 *
 * @return the default ACL
 */
private RepositoryFileAcl createDefaultAcl() {
  final Tenant defaultTenant = new Tenant( "/pentaho", true );
  final String ownerId = userNameUtils.getPrincipleId( defaultTenant, currentUserProvider.getUser() );
  return new RepositoryFileAcl.Builder( ownerId ).entriesInheriting( true ).build();
}