/**
 * Replaces the stored ACL of a repository object with the settings carried by {@code objectAcl}.
 *
 * <p>The existing ACL is loaded and copied, its ACEs are cleared, and the inheritance flag is taken
 * from {@code objectAcl}. ACEs from {@code objectAcl} are applied only when inheritance is off; with
 * inheritance on, the ACL is written back without any explicit ACEs and the supplied entries are
 * ignored.
 *
 * @param fileId    id of the object whose ACL is replaced
 * @param objectAcl requested inheritance flag and entries
 * @throws KettleException wrapping whatever exception the read or the update raised
 */
@Override
public void setAcl( ObjectId fileId, ObjectAcl objectAcl ) throws KettleException {
  try {
    RepositoryFileAcl storedAcl = pur.getAcl( fileId.getId() );
    RepositoryFileAcl.Builder copyOfStored = new RepositoryFileAcl.Builder( storedAcl );
    RepositoryFileAcl.Builder replacement =
        copyOfStored.entriesInheriting( objectAcl.isEntriesInheriting() ).clearAces();

    if ( !objectAcl.isEntriesInheriting() ) {
      for ( ObjectAce requested : objectAcl.getAces() ) {
        EnumSet<RepositoryFilePermission> requestedPermissions = requested.getPermissions();
        ObjectRecipient recipient = requested.getRecipient();

        // Only ROLE recipients get an explicit sid type; everything else uses the one-argument
        // constructor and whatever type it defaults to.
        RepositoryFileSid sid = recipient.getType().equals( Type.ROLE )
            ? new RepositoryFileSid( recipient.getName(), RepositoryFileSid.Type.ROLE )
            : new RepositoryFileSid( recipient.getName() );

        // A null permission set is stored as an empty set instead of being rejected.
        EnumSet<RepositoryFilePermission> granted = EnumSet.noneOf( RepositoryFilePermission.class );
        if ( requestedPermissions != null ) {
          granted.addAll( requestedPermissions );
        }
        replacement.ace( sid, granted );
      }
    }

    pur.updateAcl( replacement.build() );
  } catch ( Exception drfe ) {
    // Typically: the user does not have rights to view or set the acl information.
    // The catch is broad, though: any failure above (including a NullPointerException from a
    // missing recipient) surfaces as the same KettleException, so callers cannot tell a denied
    // request from a malformed one without inspecting the cause.
    throw new KettleException( drfe );
  }
}
/**
 * Appends a single ACE to this builder.
 *
 * <p>Side effect: entries inheriting is set to {@code false} when this method is called, so an
 * earlier {@code entriesInheriting( true )} on the same builder does not survive it.
 *
 * @param ace1 the entry to append
 * @return this builder, for chaining
 */
public Builder ace( final RepositoryFileAce ace1 ) {
  // Adding an explicit entry always switches inheritance off first.
  this.entriesInheriting( false );
  aces.add( ace1 );
  return this;
}
/**
 * Replaces the ACEs with the given ACEs.
 *
 * <p>Side effect: entries inheriting is set to {@code false} when this method is called, even when
 * the given list is empty.
 *
 * @param aces1 the entries that become the builder's complete ACE list
 * @return this builder, for chaining
 */
public Builder aces( final List<RepositoryFileAce> aces1 ) {
  // Drop whatever was collected so far, then switch inheritance off before taking the new list.
  this.clearAces();
  this.entriesInheriting( false );
  aces.addAll( aces1 );
  return this;
}
/**
 * Builds a {@link RepositoryFileAcl} view of the JCR access control list of the node {@code id}.
 *
 * <p>ACL metadata entries are stripped, and any entry whose principal equals the tenant admin role
 * (derived from {@code tenantAdminAuthorityName}) is left out of the result. The returned ACL is
 * therefore not a complete picture of who can access the node: the tenant admin grant stays in the
 * repository but is not shown to callers.
 *
 * @param session             JCR session used for the node lookup and the access control manager
 * @param pentahoJcrConstants not read by this method
 * @param id                  node identifier; only its {@code toString()} form is used
 * @return the ACL with owner, inheritance flag and the remaining entries
 * @throws RepositoryException if the node lookup yields {@code null} or a JCR call fails
 */
private RepositoryFileAcl toAcl( final Session session, final PentahoJcrConstants pentahoJcrConstants,
    final Serializable id ) throws RepositoryException {
  Node aclNode = session.getNodeByIdentifier( id.toString() );
  if ( aclNode == null ) {
    // Defensive: JCR sessions normally report a missing node with an exception, not null.
    throw new RepositoryException( Messages.getInstance().getString(
        "JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND", id.toString() ) ); //$NON-NLS-1$
  }

  String nodePath = aclNode.getPath();
  AccessControlManager accessControlManager = session.getAccessControlManager();
  AccessControlList jcrAcl = getAccessControlList( accessControlManager, nodePath );

  String rawOwner = getOwner( session, nodePath, jcrAcl );
  // for now, just assume all owners are users; only has UI impact
  RepositoryFileSid ownerSid = rawOwner == null
      ? null
      : new RepositoryFileSid( JcrTenantUtils.getUserNameUtils().getPrincipleName( rawOwner ),
          RepositoryFileSid.Type.USER );

  RepositoryFileAcl.Builder result = new RepositoryFileAcl.Builder( id, ownerSid );
  result.entriesInheriting( isEntriesInheriting( session, nodePath, jcrAcl ) );

  List<AccessControlEntry> visibleEntries =
      JcrRepositoryFileAclUtils.removeAclMetadata( Arrays.asList( jcrAcl.getAccessControlEntries() ) );
  for ( AccessControlEntry entry : visibleEntries ) {
    // Skip the tenant admin role's entry so it never appears in the ACL handed to callers.
    if ( entry.getPrincipal().equals(
        new SpringSecurityRolePrincipal( JcrTenantUtils.getTenantedRole( tenantAdminAuthorityName ) ) ) ) {
      continue;
    }
    result.ace( toAce( session, entry ) );
  }
  return result.build();
}
/**
 * Creates the root folder of a new tenant and marks it as an enabled tenant root.
 *
 * <p>The folder is created under the parent tenant's root folder, or at the repository root when
 * there is no parent tenant. Its ACL is owned by {@code tenantCreatorId}, does not inherit and
 * carries no explicit ACEs.
 *
 * <p>NOTE(review): {@code tenantName} is concatenated into the tenant path as-is; any validation of
 * separators or relative segments has to happen before this callback runs — confirm at the caller.
 *
 * @param session JCR session the metadata and the runtime-roles node are written through
 * @return the {@link RepositoryFile} of the new tenant root folder
 * @throws RepositoryException if a JCR operation fails
 */
@Override
public Object doInJcr( final Session session ) throws RepositoryException {
  final Tenant newTenant;
  RepositoryFile parentRoot = null;
  if ( parentTenant != null ) {
    newTenant = new Tenant( parentTenant.getRootFolderAbsolutePath() + "/" + tenantName, true );
    String parentRootPath = parentTenant.getRootFolderAbsolutePath();
    parentRoot = repositoryFileDao.getFileByAbsolutePath( parentRootPath );
  } else {
    newTenant = new Tenant( "/" + tenantName, true );
  }

  // Owner only, inheritance off, no ACEs.
  RepositoryFileAcl tenantRootAcl =
      new RepositoryFileAcl.Builder( tenantCreatorId ).entriesInheriting( false ).build();

  RepositoryFile tenantRoot = repositoryFileDao.createFolder(
      parentRoot != null ? parentRoot.getId() : null,
      new RepositoryFile.Builder( newTenant.getName() ).folder( true ).build(),
      tenantRootAcl,
      "" );

  // The result of this lookup is discarded; the call is kept because its effects are not visible here.
  repositoryFileDao.getFileByAbsolutePath( newTenant.getId() );

  Map<String, Serializable> tenantMetadata = repositoryFileDao.getFileMetadata( tenantRoot.getId() );
  tenantMetadata.put( ITenantManager.TENANT_ROOT, true );
  tenantMetadata.put( ITenantManager.TENANT_ENABLED, true );
  JcrRepositoryFileUtils.setFileMetadata( session, tenantRoot.getId(), tenantMetadata );

  createRuntimeRolesFolderNode( session, new PentahoJcrConstants( session ), newTenant );
  return tenantRoot;
}
} );
/**
 * Creates a folder node under {@code parentFolder}, attaches an ACL to it and returns the stored
 * folder.
 *
 * <p>Sequence: check out the nearest versionable ancestor, create the node, save, create the ACL
 * (owner {@code ownerSid}, inheritance per {@code inheritAces}, no explicit ACEs), save again, then
 * check the folder (if versioned) and the parent back in.
 *
 * <p>NOTE(review): the node is saved before its ACL is created, so between the two
 * {@code session.save()} calls the folder exists without the ACL built here. Which access applies in
 * that window depends on the repository's defaults — confirm they are restrictive.
 *
 * @param session              JCR session all operations run in
 * @param sessionFactory       not read by this method
 * @param parentFolder         parent folder, or {@code null}
 * @param folder               description of the folder to create
 * @param inheritAces          whether the new ACL inherits entries from the parent
 * @param ownerSid             owner recorded in the new ACL
 * @param pathConversionHelper passed through to the final lookup
 * @param versionMessage       check-in comment used when {@code folder} is versioned
 * @return the folder as read back from the repository by its identifier
 * @throws RepositoryException if a JCR operation fails
 */
public static RepositoryFile createFolder( final Session session,
    final CredentialsStrategySessionFactory sessionFactory, final RepositoryFile parentFolder,
    final RepositoryFile folder, final boolean inheritAces, final RepositoryFileSid ownerSid,
    final IPathConversionHelper pathConversionHelper, final String versionMessage ) throws RepositoryException {
  Serializable parentFolderId;
  if ( parentFolder == null ) {
    parentFolderId = null;
  } else {
    parentFolderId = parentFolder.getId();
  }
  PentahoJcrConstants jcrConstants = new PentahoJcrConstants( session );

  JcrRepositoryFileUtils.checkoutNearestVersionableFileIfNecessary( session, jcrConstants, parentFolderId );
  Node createdNode = createFolderNode( session, jcrConstants, parentFolderId, folder );
  session.save();

  // The ACL is attached in a second step, after the node itself has been persisted.
  RepositoryFileAcl folderAcl = new RepositoryFileAcl.Builder( ownerSid ).entriesInheriting( inheritAces ).build();
  JcrRepositoryFileAclUtils.createAcl( session, jcrConstants, createdNode.getIdentifier(), folderAcl );
  session.save();

  if ( folder.isVersioned() ) {
    JcrRepositoryFileUtils.checkinNearestVersionableNodeIfNecessary( session, jcrConstants, createdNode,
        versionMessage );
  }

  String parentCheckinComment = Messages.getInstance().getString(
      "JcrRepositoryFileDao.USER_0001_VER_COMMENT_ADD_FOLDER", folder.getName(), //$NON-NLS-1$
      ( parentFolderId == null ? "root" : parentFolderId.toString() ) ); //$NON-NLS-1$
  JcrRepositoryFileUtils.checkinNearestVersionableFileIfNecessary( session, jcrConstants, parentFolderId,
      parentCheckinComment );

  return JcrRepositoryFileUtils.getFileById( session, jcrConstants, pathConversionHelper, null,
      createdNode.getIdentifier() );
}
/**
 * Creates the tenant's etc folder together with its fixed sub-tree ({@code pdi} with four children,
 * and {@code metastore}).
 *
 * <p>The etc folder's ACL is owned by {@code fileOwnerSid} and grants READ to the tenant's
 * authenticated role and ALL to the tenant's admin role. Every folder below it gets an ACL with the
 * same owner, inheritance on and no explicit ACEs.
 *
 * <p>NOTE(review): the etc ACL calls {@code entriesInheriting( true )} and then {@code ace(...)}.
 * If the two-argument {@code ace} behaves like {@code Builder.ace( RepositoryFileAce )}, which
 * switches inheritance off, the etc folder ends up non-inheriting despite the explicit
 * {@code true} — confirm which outcome is intended.
 *
 * @param tenant           tenant whose role ids are resolved
 * @param tenantRootFolder folder the etc folder is created in
 * @param fileOwnerSid     owner of every ACL created here
 * @return the created etc folder
 */
private RepositoryFile createEtcFolder( ITenant tenant, RepositoryFile tenantRootFolder,
    RepositoryFileSid fileOwnerSid ) {
  String authenticatedRoleId = tenantedRoleNameResolver.getPrincipleId( tenant, tenantAuthenticatedRoleName );
  RepositoryFileSid authenticatedRoleSid = new RepositoryFileSid( authenticatedRoleId, Type.ROLE );
  String adminRoleId = tenantedRoleNameResolver.getPrincipleId( tenant, tenantAdminRoleName );
  RepositoryFileSid adminRoleSid = new RepositoryFileSid( adminRoleId, Type.ROLE );

  // etc: READ for the authenticated role, ALL for the admin role.
  RepositoryFile etcFolder = repositoryFileDao.createFolder(
      tenantRootFolder.getId(),
      new RepositoryFile.Builder( ServerRepositoryPaths.getTenantEtcFolderName() ).folder( true ).build(),
      new RepositoryFileAcl.Builder( fileOwnerSid ).entriesInheriting( true )
          .ace( authenticatedRoleSid, EnumSet.of( RepositoryFilePermission.READ ) )
          .ace( adminRoleSid, EnumSet.of( RepositoryFilePermission.ALL ) ).build(),
      null );

  RepositoryFile pdiFolder = repositoryFileDao.createFolder(
      etcFolder.getId(),
      new RepositoryFile.Builder( "pdi" ).folder( true ).build(),
      new RepositoryFileAcl.Builder( fileOwnerSid ).entriesInheriting( true ).build(),
      null );

  // Children of etc/pdi, created in this fixed order; each one only inherits.
  String[] pdiChildNames = { "databases", "slaveServers", "clusterSchemas", "partitionSchemas" };
  for ( String childName : pdiChildNames ) {
    repositoryFileDao.createFolder(
        pdiFolder.getId(),
        new RepositoryFile.Builder( childName ).folder( true ).build(),
        new RepositoryFileAcl.Builder( fileOwnerSid ).entriesInheriting( true ).build(),
        null );
  }

  repositoryFileDao.createFolder(
      etcFolder.getId(),
      new RepositoryFile.Builder( "metastore" ).folder( true ).build(),
      new RepositoryFileAcl.Builder( fileOwnerSid ).entriesInheriting( true ).build(),
      null );

  return etcFolder;
}
/**
 * Builds a {@link RepositoryFileAcl} from the JCR access control list of the node {@code id}.
 *
 * <p>ACL metadata entries are stripped; every remaining entry is converted and included.
 *
 * <p>NOTE(review): the owner string from {@code getOwner} is passed to {@code getPrincipleName}
 * before any null check, so a node without an owner relies on {@code getPrincipleName} accepting
 * {@code null} — confirm.
 *
 * @param session             JCR session used for the node lookup and the access control manager
 * @param pentahoJcrConstants not read by this method
 * @param id                  node identifier; only its {@code toString()} form is used
 * @return the ACL with owner, inheritance flag and entries
 * @throws RepositoryException if the node lookup yields {@code null} or a JCR call fails
 */
public static RepositoryFileAcl getAcl( final Session session, final PentahoJcrConstants pentahoJcrConstants,
    final Serializable id ) throws RepositoryException {
  Node aclNode = session.getNodeByIdentifier( id.toString() );
  if ( aclNode == null ) {
    // Defensive: JCR sessions normally report a missing node with an exception, not null.
    throw new RepositoryException( Messages.getInstance().getString(
        "JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND", id.toString() ) ); //$NON-NLS-1$
  }

  String nodePath = aclNode.getPath();
  AccessControlManager accessControlManager = session.getAccessControlManager();
  AccessControlList jcrAcl = getAccessControlList( accessControlManager, nodePath );

  String ownerName =
      JcrTenantUtils.getUserNameUtils().getPrincipleName( getOwner( session, nodePath, jcrAcl ) );
  // for now, just assume all owners are users; only has UI impact
  RepositoryFileSid ownerSid =
      ownerName == null ? null : new RepositoryFileSid( ownerName, RepositoryFileSid.Type.USER );

  RepositoryFileAcl.Builder result = new RepositoryFileAcl.Builder( id, ownerSid );
  result.entriesInheriting( isEntriesInheriting( session, nodePath, jcrAcl ) );

  List<AccessControlEntry> visibleEntries =
      JcrRepositoryFileAclUtils.removeAclMetadata( Arrays.asList( jcrAcl.getAccessControlEntries() ) );
  for ( AccessControlEntry entry : visibleEntries ) {
    result.ace( toAce( session, entry ) );
  }
  return result.build();
}
/**
 * Determines the default ACL for {@code repositoryFile}.
 *
 * <p>When {@code applyAuthRule} does not match, the superclass default is used. When it matches,
 * the ACL is owned by the current session's user name and does not inherit; if an authenticated
 * role name is configured, that role is additionally granted
 * {@link RepositoryFilePermission#ALL}. That grant is broad: every principal holding the role gets
 * full permissions on files covered by the rule.
 *
 * @param repositoryFile the file the default ACL is created for
 * @return default acls
 */
@Override
public RepositoryFileAcl createDefaultAcl( RepositoryFile repositoryFile ) {
  if ( !applyAuthRule( repositoryFile ) ) {
    return super.createDefaultAcl( repositoryFile );
  }

  // if the auth name is not specified in the config, create an acl without an ace
  if ( authenticatedRoleName == null || authenticatedRoleName.trim().isEmpty() ) {
    return new RepositoryFileAcl.Builder( PentahoSessionHolder.getSession().getName() )
        .entriesInheriting( false )
        .build();
  }

  // if an auth is defined, create an acl with the ace
  RepositoryFileSid authenticatedRoleSid = new RepositoryFileSid( authenticatedRoleName, Type.ROLE );
  return new RepositoryFileAcl.Builder( PentahoSessionHolder.getSession().getName() )
      .entriesInheriting( false )
      .ace( authenticatedRoleSid, EnumSet.of( RepositoryFilePermission.ALL ) )
      .build();
}
}
/**
 * Seeds the repository with its three fixed folders and registers each with the id manager.
 *
 * <ul>
 *   <li>root: owned by {@code root()}, no inheritance, READ for {@code everyone()}</li>
 *   <li>{@code /public}: owned by {@code root()}, no inheritance, READ and WRITE for
 *       {@code everyone()}</li>
 *   <li>{@code /etc}: owned by {@code root()}, inherits its entries, no explicit ACEs</li>
 * </ul>
 */
protected void init() {
  // root folder: world-readable
  RepositoryFile rootFile =
      new RepositoryFile.Builder( "" ).path( RepositoryFile.SEPARATOR ).folder( true ).build();
  RepositoryFileAcl rootAcl =
      new RepositoryFileAcl.Builder( root() ).entriesInheriting( false ).ace( everyone(), READ ).build();
  root = new FileRecord( rootFile, rootAcl );
  idManager.register( root );

  // /public: world-readable and world-writable
  RepositoryFile publicFile = new RepositoryFile.Builder( "public" )
      .path( RepositoryFile.SEPARATOR + "public" ).folder( true ).build();
  RepositoryFileAcl publicAcl = new RepositoryFileAcl.Builder( root() )
      .entriesInheriting( false ).ace( everyone(), READ, WRITE ).build();
  FileRecord publicRecord = new FileRecord( publicFile, publicAcl );
  root.addChild( publicRecord );
  idManager.register( publicRecord );

  // /etc: nothing explicit, takes its entries from the root folder
  RepositoryFile etcFile = new RepositoryFile.Builder( "etc" )
      .path( RepositoryFile.SEPARATOR + "etc" ).folder( true ).build();
  RepositoryFileAcl etcAcl = new RepositoryFileAcl.Builder( root() ).entriesInheriting( true ).build();
  FileRecord etcRecord = new FileRecord( etcFile, etcAcl );
  root.addChild( etcRecord );
  idManager.register( etcRecord );
}
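/**
 * Converts a transport-level {@link RepositoryFileAclDto} into a {@link RepositoryFileAcl}.
 *
 * <p>An owner type of {@code -1} means "no owner": the ACL is built from the id alone. Any other
 * owner type is an ordinal into {@link RepositoryFileSid.Type}; the ACL is then keyed by the DTO's
 * id when present, otherwise by its tenant path.
 *
 * <p>The DTO arrives from outside this class, so the ordinal is range-checked before it is used as
 * an array index. An out-of-range value is reported with a message naming the offending value
 * instead of surfacing as a bare {@code ArrayIndexOutOfBoundsException}.
 *
 * @param v the DTO to convert
 * @return the ACL with owner, inheritance flag and all ACEs of the DTO
 * @throws IllegalArgumentException if the owner type is neither {@code -1} nor a valid
 *         {@link RepositoryFileSid.Type} ordinal
 */
@Override
public RepositoryFileAcl unmarshal( final RepositoryFileAclDto v ) {
  final int ownerTypeOrdinal = v.getOwnerType();
  RepositoryFileAcl.Builder builder;

  if ( ownerTypeOrdinal != -1 ) {
    RepositoryFileSid.Type[] sidTypes = RepositoryFileSid.Type.values();
    // Never index the enum table with an unchecked value taken from the DTO.
    if ( ownerTypeOrdinal < 0 || ownerTypeOrdinal >= sidTypes.length ) {
      throw new IllegalArgumentException( "Invalid owner type in ACL DTO: " + ownerTypeOrdinal );
    }
    RepositoryFileSid.Type ownerType = sidTypes[ownerTypeOrdinal];

    if ( v.getId() != null ) {
      builder = new RepositoryFileAcl.Builder( v.getId(), v.getOwner(), ownerType );
    } else {
      builder = new RepositoryFileAcl.Builder( v.getTenantPath(), v.getOwner(), ownerType );
    }
  } else {
    // No owner: the cast selects the (Serializable, owner) constructor for the null owner.
    builder = new RepositoryFileAcl.Builder( (Serializable) v.getId(), null );
  }

  builder.entriesInheriting( v.isEntriesInheriting() );
  for ( RepositoryFileAclAceDto fileAclAceDto : v.getAces() ) {
    // NOTE(review): if ace(...) switches inheritance off, as Builder.ace( RepositoryFileAce ) does,
    // a DTO with ACEs always yields a non-inheriting ACL regardless of the flag set above — confirm.
    builder.ace( RepositoryFileAclAceAdapter.toAce( fileAclAceDto ) );
  }
  return builder.build();
}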
/**
 * Builds an ACL that has an owner and an inheritance flag but no explicit ACEs.
 *
 * @param inheritAces whether the ACL inherits entries from its parent
 * @param ownerSid    owner recorded in the ACL
 * @return the new ACL
 */
protected RepositoryFileAcl makeAcl( final boolean inheritAces, final RepositoryFileSid ownerSid ) {
  RepositoryFileAcl.Builder ownerOnly = new RepositoryFileAcl.Builder( ownerSid );
  return ownerOnly.entriesInheriting( inheritAces ).build();
}
}
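/**
 * Copy constructor: starts a builder with the id, owner, ACEs and inheritance flag of
 * {@code other}.
 *
 * <p>The inheritance flag is applied after the ACEs have been copied. {@code ace(...)} switches
 * inheritance off as a side effect, so setting the flag first would silently turn every inheriting
 * ACL that carries ACEs into a non-inheriting copy, and writing such a copy back would break
 * inheritance on the stored object.
 *
 * @param other the ACL to copy
 */
public Builder( final RepositoryFileAcl other ) {
  this( other.id, other.owner );
  for ( RepositoryFileAce ace : other.aces ) {
    this.ace( ace );
  }
  // Must come last: each ace(...) call above resets the flag to false.
  this.entriesInheriting( other.entriesInheriting );
}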
/**
 * Builds the default ACL: owned by the current user's principal id, inheriting its entries, with no
 * explicit ACEs.
 *
 * <p>The owner id is always resolved against the hard-coded tenant {@code /pentaho}.
 * NOTE(review): that ties ownership to one tenant regardless of where the current user actually
 * belongs — confirm this is only used in single-tenant setups.
 *
 * @return the default ACL
 */
private RepositoryFileAcl createDefaultAcl() {
  String ownerPrincipalId =
      userNameUtils.getPrincipleId( new Tenant( "/pentaho", true ), currentUserProvider.getUser() );
  RepositoryFileAcl.Builder defaults = new RepositoryFileAcl.Builder( ownerPrincipalId );
  defaults.entriesInheriting( true );
  return defaults.build();
}
/**
 * Builds the default ACL for a new file: owned by the current session's user name, inheriting its
 * entries from the parent, with no explicit ACEs.
 *
 * @param repositoryFile not read; the default is the same for every file
 * @return the default ACL
 */
@Override
public RepositoryFileAcl createDefaultAcl( RepositoryFile repositoryFile ) {
  // NOTE(review): assumes a session is bound to the current thread; a null session would fail here.
  String ownerName = PentahoSessionHolder.getSession().getName();
  RepositoryFileAcl.Builder defaults = new RepositoryFileAcl.Builder( ownerName );
  return defaults.entriesInheriting( true ).build();
}
}