/**
 * Replaces the ACL of the repository file identified by {@code fileId} with the settings carried by
 * {@code objectAcl}.
 * <p>
 * The stored ACL is loaded, its inheritance flag is overwritten and all of its existing ACEs are cleared. When
 * {@code objectAcl} is not inheriting, one ACE is added per entry returned by {@code objectAcl.getAces()}; an entry
 * whose permission set is {@code null} yields an ACE with an empty permission set.
 *
 * @param fileId
 *          id of the file whose ACL is rewritten
 * @param objectAcl
 *          desired inheritance flag and entries
 * @throws KettleException
 *           wrapping any exception raised while reading, building or storing the ACL
 */
@Override
public void setAcl( ObjectId fileId, ObjectAcl objectAcl ) throws KettleException {
  try {
    RepositoryFileAcl storedAcl = pur.getAcl( fileId.getId() );
    // Keep the stored ACL's other attributes; only the inheritance flag and the ACE list are rebuilt.
    RepositoryFileAcl.Builder rebuilt =
        new RepositoryFileAcl.Builder( storedAcl ).entriesInheriting( objectAcl.isEntriesInheriting() ).clearAces();

    if ( !objectAcl.isEntriesInheriting() ) {
      List<ObjectAce> requestedAces = objectAcl.getAces();
      for ( ObjectAce requestedAce : requestedAces ) {
        EnumSet<RepositoryFilePermission> requested = requestedAce.getPermissions();
        EnumSet<RepositoryFilePermission> granted = EnumSet.noneOf( RepositoryFilePermission.class );
        ObjectRecipient recipient = requestedAce.getRecipient();

        // Only ROLE is mapped explicitly; every other recipient type uses the single-argument SID constructor.
        RepositoryFileSid sid = recipient.getType().equals( Type.ROLE )
            ? new RepositoryFileSid( recipient.getName(), RepositoryFileSid.Type.ROLE )
            : new RepositoryFileSid( recipient.getName() );

        if ( requested != null ) {
          granted.addAll( requested );
        }
        rebuilt.ace( sid, granted );
      }
    }
    pur.updateAcl( rebuilt.build() );
  } catch ( Exception drfe ) {
    // The original comment here assumed the user lacks rights to view or set the ACL. The catch is broader than
    // that: every exception type, including programming errors, is wrapped the same way, so callers cannot tell
    // an access denial from any other failure without inspecting the cause.
    throw new KettleException( drfe );
  }
}
/**
 * Creates a {@code Builder} where the {@code owner} is a {@code RepositoryFileSid.Type.USER}.
 * <p>
 * The name is wrapped with the single-argument {@code RepositoryFileSid} constructor and passed to the
 * SID-taking constructor of this builder.
 *
 * @param owner
 *          name of the owning principal
 */
public Builder( final String owner ) {
  this( new RepositoryFileSid( owner ) );
}
/**
 * Creates a {@code Builder} from a principal name and SID type, without an id.
 * <p>
 * Delegates to the two-argument constructor with {@code null} as its first argument and a new
 * {@code RepositoryFileSid} built from {@code name} and {@code type} as its second.
 *
 * @param name
 *          principal name used for the SID
 * @param type
 *          SID type of that principal
 */
public Builder( final String name, final RepositoryFileSid.Type type ) {
  this( null, new RepositoryFileSid( name, type ) );
}
/**
 * Creates a {@code Builder} from an id plus a principal name and SID type.
 * <p>
 * Delegates to the two-argument constructor, passing {@code id} unchanged and a new {@code RepositoryFileSid}
 * built from {@code name} and {@code type}.
 *
 * @param id
 *          id handed to the delegated constructor
 * @param name
 *          principal name used for the SID
 * @param type
 *          SID type of that principal
 */
public Builder( final Serializable id, final String name, final RepositoryFileSid.Type type ) {
  this( id, new RepositoryFileSid( name, type ) );
}
/**
 * Adds an ACE for the principal {@code name} of the given {@code type} with the given permission set.
 * <p>
 * The original documentation of this overload states that entries inheriting is set to false when it is called;
 * that effect is not performed in this method itself and would come from the {@code ace(RepositoryFileAce)}
 * overload it delegates to.
 *
 * @param name
 *          principal name of the recipient
 * @param type
 *          SID type of the recipient
 * @param permissions
 *          permissions granted by the new ACE
 * @return whatever the delegated {@code ace(RepositoryFileAce)} overload returns
 */
public Builder ace( final String name, final RepositoryFileSid.Type type,
    final EnumSet<RepositoryFilePermission> permissions ) {
  final RepositoryFileSid recipient = new RepositoryFileSid( name, type );
  final RepositoryFileAce entry = new RepositoryFileAce( recipient, permissions );
  return ace( entry );
}
/**
 * Adds an ACE for the principal {@code name} of the given {@code type}, with the permissions given as varargs.
 * <p>
 * The original documentation of this overload states that entries inheriting is set to false when it is called;
 * that effect is not performed in this method itself and would come from the {@code ace(RepositoryFileAce)}
 * overload it delegates to.
 *
 * @param name
 *          principal name of the recipient
 * @param type
 *          SID type of the recipient
 * @param first
 *          first permission to grant (at least one is required)
 * @param rest
 *          further permissions to grant
 * @return whatever the delegated {@code ace(RepositoryFileAce)} overload returns
 */
public Builder ace( final String name, final RepositoryFileSid.Type type, final RepositoryFilePermission first,
    final RepositoryFilePermission... rest ) {
  final RepositoryFileSid recipient = new RepositoryFileSid( name, type );
  final EnumSet<RepositoryFilePermission> granted = EnumSet.of( first, rest );
  return ace( new RepositoryFileAce( recipient, granted ) );
}
/**
 * Converts an access control entry into a {@code RepositoryFileAce}.
 * <p>
 * A principal that is a {@code Group} becomes a ROLE SID; any other principal becomes a USER SID. The principal
 * name is used exactly as returned by {@code principal.getName()}.
 *
 * @param session
 *          session handed to the permission conversion helper
 * @param acEntry
 *          entry to convert
 * @return the ACE holding the SID and the converted permissions
 * @throws RepositoryException
 *           declared by this method; presumably raised by the privilege conversion -- confirm against the helper
 */
private static RepositoryFileAce toAce( final Session session, final AccessControlEntry acEntry )
  throws RepositoryException {
  final Principal principal = acEntry.getPrincipal();
  final RepositoryFileSid.Type sidType =
      ( principal instanceof Group ) ? RepositoryFileSid.Type.ROLE : RepositoryFileSid.Type.USER;
  final RepositoryFileSid sid = new RepositoryFileSid( principal.getName(), sidType );

  final Privilege[] privileges = acEntry.getPrivileges();
  final IPermissionConversionHelper converter = new DefaultPermissionConversionHelper( session );
  return new RepositoryFileAce( sid, converter.privilegesToPentahoPermissions( session, privileges ) );
}
/**
 * Converts an ACE DTO into a {@code RepositoryFileAce}.
 * <p>
 * The DTO's recipient type is an index into {@code RepositoryFileSid.Type.values()}, so the mapping depends on the
 * declaration order of that enum, and an index outside the array makes the lookup throw
 * {@code ArrayIndexOutOfBoundsException}. No range check is done here.
 * NOTE(review): if the DTO can originate from a remote caller, validate the recipient type before this call --
 * confirm against the callers.
 *
 * @param v
 *          DTO supplying recipient name, recipient type index and permissions
 * @return the ACE built from the DTO's values
 */
public static RepositoryFileAce toAce( RepositoryFileAclAceDto v ) {
  final RepositoryFileSid recipient =
      new RepositoryFileSid( v.getRecipient(), RepositoryFileSid.Type.values()[v.getRecipientType()] );
  return new RepositoryFileAce( recipient, toPerms( v.getPermissions() ) );
}
/**
 * Builds the ROLE SID for the {@code __everyone__} principal.
 * <p>
 * The principal id is obtained from {@code userNameUtils} with a {@code null} tenant.
 * NOTE(review): the id of a ROLE SID is produced by the user-name utility here -- confirm this is intended.
 *
 * @return a new ROLE SID for {@code __everyone__}
 */
public static RepositoryFileSid everyone() {
  final String everyoneId = userNameUtils.getPrincipleId( null, "__everyone__" );
  return new RepositoryFileSid( everyoneId, ROLE );
}
/**
 * Builds the USER SID for the {@code __root__} principal.
 * <p>
 * The principal id is obtained from {@code userNameUtils} with a {@code null} tenant.
 *
 * @return a new USER SID for {@code __root__}
 */
public static RepositoryFileSid root() {
  final String rootId = userNameUtils.getPrincipleId( null, "__root__" );
  return new RepositoryFileSid( rootId, USER );
}
/**
 * Converts an access control entry into a {@code RepositoryFileAce}, mapping the principal name through the
 * tenant-aware name utilities.
 * <p>
 * A {@code Group} principal becomes a ROLE SID named via the role-name utility; any other principal becomes a USER
 * SID named via the user-name utility. The principal's class name is written to the debug log.
 *
 * @param session
 *          session handed to the permission conversion helper
 * @param acEntry
 *          entry to convert
 * @return the ACE holding the SID and the converted permissions
 * @throws RepositoryException
 *           declared by this method; presumably raised by the privilege conversion -- confirm against the helper
 */
protected RepositoryFileAce toAce( final Session session, final AccessControlEntry acEntry )
  throws RepositoryException {
  final Principal principal = acEntry.getPrincipal();
  final String rawName = principal.getName();
  final DefaultPermissionConversionHelper converter = new DefaultPermissionConversionHelper( session );

  // Role and user names go through different resolvers; the SID type follows the same split.
  final RepositoryFileSid sid = ( principal instanceof Group )
      ? new RepositoryFileSid( JcrTenantUtils.getRoleNameUtils().getPrincipleName( rawName ),
          RepositoryFileSid.Type.ROLE )
      : new RepositoryFileSid( JcrTenantUtils.getUserNameUtils().getPrincipleName( rawName ),
          RepositoryFileSid.Type.USER );

  logger.debug( String.format( "principal class [%s]", principal.getClass().getName() ) ); //$NON-NLS-1$

  final Privilege[] privileges = acEntry.getPrivileges();
  return new RepositoryFileAce( sid, converter.privilegesToPentahoPermissions( session, privileges ) );
}
/**
 * Creates the tenant's public folder below {@code tenantRootFolder}.
 * <p>
 * The folder's ACL is owned by {@code fileOwnerSid} and carries two ACEs: {@code ALL} for the tenant admin role and
 * {@code READ} for the tenant authenticated role.
 *
 * @param tenant
 *          tenant whose role ids are resolved
 * @param tenantRootFolder
 *          parent folder of the new public folder
 * @param fileOwnerSid
 *          owner recorded in the new folder's ACL
 * @return the folder returned by {@code repositoryFileDao.createFolder}
 */
private RepositoryFile createPublicFolder( ITenant tenant, RepositoryFile tenantRootFolder,
    RepositoryFileSid fileOwnerSid ) {
  final RepositoryFileSid adminRoleSid =
      new RepositoryFileSid( tenantedRoleNameResolver.getPrincipleId( tenant, tenantAdminRoleName ), Type.ROLE );
  final RepositoryFileSid authenticatedRoleSid =
      new RepositoryFileSid( tenantedRoleNameResolver.getPrincipleId( tenant, tenantAuthenticatedRoleName ),
          Type.ROLE );

  return repositoryFileDao.createFolder(
      tenantRootFolder.getId(),
      new RepositoryFile.Builder( ServerRepositoryPaths.getTenantPublicFolderName() )
          .folder( true )
          .title( Messages.getInstance().getString( "RepositoryTenantManager.publicFolderDisplayName" ) )
          .build(),
      new RepositoryFileAcl.Builder( fileOwnerSid )
          .ace( adminRoleSid, EnumSet.of( RepositoryFilePermission.ALL ) )
          .ace( authenticatedRoleSid, EnumSet.of( RepositoryFilePermission.READ ) )
          .build(),
      null );
}
/**
 * Creates the tenant's home folder below {@code tenantRootFolder}.
 * <p>
 * The folder's ACL is owned by {@code fileOwnerSid} and carries two ACEs: {@code ALL} for the tenant admin role and
 * {@code READ} for the tenant authenticated role.
 *
 * @param tenant
 *          tenant whose role ids are resolved
 * @param tenantRootFolder
 *          parent folder of the new home folder
 * @param fileOwnerSid
 *          owner recorded in the new folder's ACL
 * @return the folder returned by {@code repositoryFileDao.createFolder}
 */
private RepositoryFile createHomeFolder( ITenant tenant, RepositoryFile tenantRootFolder,
    RepositoryFileSid fileOwnerSid ) {
  final RepositoryFileSid adminRoleSid =
      new RepositoryFileSid( tenantedRoleNameResolver.getPrincipleId( tenant, tenantAdminRoleName ), Type.ROLE );
  final RepositoryFileSid authenticatedRoleSid =
      new RepositoryFileSid( tenantedRoleNameResolver.getPrincipleId( tenant, tenantAuthenticatedRoleName ),
          Type.ROLE );

  return repositoryFileDao.createFolder(
      tenantRootFolder.getId(),
      new RepositoryFile.Builder( ServerRepositoryPaths.getTenantHomeFolderName() )
          .folder( true )
          .title( Messages.getInstance().getString( "RepositoryTenantManager.usersFolderDisplayName" ) )
          .build(),
      new RepositoryFileAcl.Builder( fileOwnerSid )
          .ace( adminRoleSid, EnumSet.of( RepositoryFilePermission.ALL ) )
          .ace( authenticatedRoleSid, EnumSet.of( RepositoryFilePermission.READ ) )
          .build(),
      null );
}
/**
 * Appends an ACE for {@code recipient} to the ACL of the file identified by {@code id}.
 * <p>
 * The call is refused with a {@code RuntimeException} while kiosk mode is enabled. A recipient name for which the
 * matching name utility reports no tenant is replaced by its tenanted form (user or role, depending on the SID
 * type) before the ACE is added. An existing ACE for the same recipient is not looked up; a new one is always added.
 *
 * @param id
 *          id of the file whose ACL is extended; must not be {@code null}
 * @param recipient
 *          principal receiving the permissions; must not be {@code null}
 * @param permission
 *          permissions granted by the new ACE; must not be {@code null}
 */
public void addAce( final Serializable id, final RepositoryFileSid recipient,
    final EnumSet<RepositoryFilePermission> permission ) {
  if ( isKioskEnabled() ) {
    throw new RuntimeException( Messages.getInstance().getString(
        "JcrRepositoryFileDao.ERROR_0006_ACCESS_DENIED" ) ); //$NON-NLS-1$
  }
  Assert.notNull( id );
  Assert.notNull( recipient );
  Assert.notNull( permission );

  final RepositoryFileAcl currentAcl = getAcl( id );
  Assert.notNull( currentAcl );

  // TODO mlowery find an ACE with the recipient and update that rather than adding a new ACE
  final boolean userRecipient = recipient.getType().equals( Type.USER );
  final boolean lacksTenant = userRecipient
      ? JcrTenantUtils.getUserNameUtils().getTenant( recipient.getName() ) == null
      : JcrTenantUtils.getRoleNameUtils().getTenant( recipient.getName() ) == null;

  RepositoryFileSid newRecipient = recipient;
  if ( lacksTenant ) {
    // Qualify the bare name with the resolver that matches the SID type.
    final String tenantedName = userRecipient
        ? JcrTenantUtils.getTenantedUser( recipient.getName() )
        : JcrTenantUtils.getTenantedRole( recipient.getName() );
    newRecipient = new RepositoryFileSid( tenantedName, recipient.getType() );
  }

  updateAcl( new RepositoryFileAcl.Builder( currentAcl ).ace( newRecipient, permission ).build() );

  // The log line records the caller-supplied recipient, not the tenant-qualified one that was stored.
  logger.debug( "added ace: id=" + id + ", sid=" + recipient + ", permission=" + permission ); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
}
/**
 * Determines the default ACL for {@code repositoryFile}.
 * <p>
 * When {@code applyAuthRule} does not match the file, the superclass default is returned. Otherwise the ACL is
 * owned by the current session's user name and does not inherit entries; it carries a single ACE granting
 * {@code ALL} to the configured authenticated role, or no ACE at all when that role name is {@code null} or blank.
 * NOTE(review): the ACE gives every holder of the configured role full permissions on the file -- confirm that
 * {@code applyAuthRule} restricts this to the intended files.
 *
 * @param repositoryFile
 *          file the ACL is created for
 * @return default acls
 */
@Override
public RepositoryFileAcl createDefaultAcl( RepositoryFile repositoryFile ) {
  if ( !applyAuthRule( repositoryFile ) ) {
    return super.createDefaultAcl( repositoryFile );
  }

  // if the auth name is not specified in the config, create an acl without an ace
  final boolean roleConfigured = authenticatedRoleName != null && !authenticatedRoleName.trim().isEmpty();
  if ( !roleConfigured ) {
    return new RepositoryFileAcl.Builder( PentahoSessionHolder.getSession().getName() )
        .entriesInheriting( false )
        .build();
  }

  // if an auth is defined, create an acl with the ace
  final RepositoryFileSid authenticatedRoleSid = new RepositoryFileSid( authenticatedRoleName, Type.ROLE );
  return new RepositoryFileAcl.Builder( PentahoSessionHolder.getSession().getName() )
      .entriesInheriting( false )
      .ace( authenticatedRoleSid, EnumSet.of( RepositoryFilePermission.ALL ) )
      .build();
}
}
/**
 * Reads the ACL of the node identified by {@code id} and converts it into a {@code RepositoryFileAcl}.
 * <p>
 * The owner is resolved from the node's access control list and mapped through the user-name utility; when a name
 * is found it is always reported as a USER SID. ACL metadata entries are removed before the remaining entries are
 * converted to ACEs.
 *
 * @param session
 *          session used to look up the node and its access control list
 * @param pentahoJcrConstants
 *          not used by this method
 * @param id
 *          identifier of the node; its {@code toString()} value is used for the lookup
 * @return the converted ACL
 * @throws RepositoryException
 *           if the lookup returns {@code null} for the node, or if a called repository operation fails
 */
public static RepositoryFileAcl getAcl( final Session session, final PentahoJcrConstants pentahoJcrConstants,
    final Serializable id ) throws RepositoryException {
  final Node node = session.getNodeByIdentifier( id.toString() );
  if ( node == null ) {
    throw new RepositoryException( Messages.getInstance().getString(
        "JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND", id.toString() ) ); //$NON-NLS-1$
  }

  final String absPath = node.getPath();
  final AccessControlManager acMgr = session.getAccessControlManager();
  final AccessControlList acList = getAccessControlList( acMgr, absPath );

  final String ownerName =
      JcrTenantUtils.getUserNameUtils().getPrincipleName( getOwner( session, absPath, acList ) );
  // for now, just assume all owners are users; only has UI impact
  final RepositoryFileSid owner =
      ( ownerName == null ) ? null : new RepositoryFileSid( ownerName, RepositoryFileSid.Type.USER );

  final RepositoryFileAcl.Builder aclBuilder = new RepositoryFileAcl.Builder( id, owner );
  aclBuilder.entriesInheriting( isEntriesInheriting( session, absPath, acList ) );

  final List<AccessControlEntry> visibleEntries =
      JcrRepositoryFileAclUtils.removeAclMetadata( Arrays.asList( acList.getAccessControlEntries() ) );
  for ( AccessControlEntry entry : visibleEntries ) {
    aclBuilder.ace( toAce( session, entry ) );
  }
  return aclBuilder.build();
}
/**
 * Creates the mondrian folder under the tenant's etc folder when it does not exist yet.
 * <p>
 * The tenant etc folder must already exist (asserted). The new folder is created through
 * {@code internalCreateFolder} with the repository admin user's SID passed along.
 *
 * @param status
 *          transaction status; not used by this method
 */
@Override
public void doInTransactionWithoutResult( final TransactionStatus status ) {
  final RepositoryFileSid repositoryAdminUserSid =
      new RepositoryFileSid( userNameUtils.getPrincipleId( tenant, repositoryAdminUsername ) );

  final RepositoryFile tenantEtcFolder =
      repositoryFileDao.getFileByAbsolutePath( ServerRepositoryPaths.getTenantEtcFolderPath( tenant ) );
  Assert.notNull( tenantEtcFolder );

  final boolean mondrianFolderMissing =
      repositoryFileDao.getFileByAbsolutePath( ServerRepositoryPaths.getTenantEtcFolderPath( tenant )
          + RepositoryFile.SEPARATOR + FOLDER_MONDRIAN ) == null;
  if ( mondrianFolderMissing ) {
    // mondrian folder
    internalCreateFolder( tenantEtcFolder.getId(),
        new RepositoryFile.Builder( FOLDER_MONDRIAN ).folder( true ).build(),
        true,
        repositoryAdminUserSid,
        Messages.getInstance().getString(
            "MondrianRepositoryLifecycleManager.USER_0001_VER_COMMENT_MONDRIAN" ) ); //$NON-NLS-1$
  }
}
// Closes the enclosing construct and the call it is passed to; both open outside this excerpt.
} );
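/**
 * Appends an ACE for {@code recipient} to the ACL of the node identified by {@code id}.
 * <p>
 * A recipient name without a tenant is replaced by its tenanted form before the ACE is added. ROLE recipients are
 * checked and qualified with the role-name utilities, as the DAO-level {@code addAce} does; every other recipient
 * keeps the user-name handling this method always had. Previously a ROLE recipient was also run through the
 * user-name utilities, so its name could be qualified as a user name while the SID stayed typed as a role.
 *
 * @param session
 *          session used to read and update the ACL
 * @param pentahoJcrConstants
 *          passed through to {@code getAcl}
 * @param id
 *          identifier of the node whose ACL is extended
 * @param recipient
 *          principal receiving the permissions
 * @param permission
 *          permissions granted by the new ACE
 * @throws RepositoryException
 *           if reading or updating the ACL fails
 */
public static void addAce( final Session session, final PentahoJcrConstants pentahoJcrConstants,
    final Serializable id, final RepositoryFileSid recipient, final EnumSet<RepositoryFilePermission> permission )
  throws RepositoryException {
  RepositoryFileSid newRecipient = recipient;
  if ( recipient.getType() == RepositoryFileSid.Type.ROLE ) {
    // Role names have their own resolver; using the user resolver here would mis-qualify the principal.
    if ( JcrTenantUtils.getRoleNameUtils().getTenant( recipient.getName() ) == null ) {
      newRecipient =
          new RepositoryFileSid( JcrTenantUtils.getTenantedRole( recipient.getName() ), recipient.getType() );
    }
  } else if ( JcrTenantUtils.getUserNameUtils().getTenant( recipient.getName() ) == null ) {
    newRecipient =
        new RepositoryFileSid( JcrTenantUtils.getTenantedUser( recipient.getName() ), recipient.getType() );
  }

  RepositoryFileAcl acl = getAcl( session, pentahoJcrConstants, id );
  RepositoryFileAcl updatedAcl = new RepositoryFileAcl.Builder( acl ).ace( newRecipient, permission ).build();
  updateAcl( session, updatedAcl );
}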
/**
 * Sets the owner of {@code file}'s ACL to {@code owner}.
 * <p>
 * An owner name for which the user-name utility reports no tenant is replaced by its tenanted user name; the SID
 * type of {@code owner} is kept as given.
 * NOTE(review): the name is always treated as a user name, even if {@code owner} is a ROLE SID -- confirm that
 * owners are only ever users.
 *
 * @param session
 *          session used to read and update the ACL
 * @param pentahoJcrConstants
 *          passed through to {@code getAcl}
 * @param file
 *          file whose ACL owner is changed
 * @param owner
 *          new owner
 * @throws RepositoryException
 *           if reading or updating the ACL fails
 */
public static void setOwner( final Session session, final PentahoJcrConstants pentahoJcrConstants,
    final RepositoryFile file, final RepositoryFileSid owner ) throws RepositoryException {
  final boolean ownerLacksTenant = JcrTenantUtils.getUserNameUtils().getTenant( owner.getName() ) == null;
  final RepositoryFileSid newOwnerSid = ownerLacksTenant
      ? new RepositoryFileSid( JcrTenantUtils.getTenantedUser( owner.getName() ), owner.getType() )
      : owner;

  final RepositoryFileAcl currentAcl = getAcl( session, pentahoJcrConstants, file.getId() );
  updateAcl( session, new RepositoryFileAcl.Builder( currentAcl ).owner( newOwnerSid ).build() );
}
/**
 * Creates the tenant's etc folder and its standard sub-folders.
 * <p>
 * The etc folder's ACL is owned by {@code fileOwnerSid}, has entries inheriting set to true and carries
 * {@code READ} for the tenant authenticated role and {@code ALL} for the tenant admin role. Below it, {@code pdi}
 * (with {@code databases}, {@code slaveServers}, {@code clusterSchemas} and {@code partitionSchemas}) and
 * {@code metastore} are created with ACLs that only name the owner and set entries inheriting to true.
 *
 * @param tenant
 *          tenant whose role ids are resolved
 * @param tenantRootFolder
 *          parent folder of the new etc folder
 * @param fileOwnerSid
 *          owner recorded in every created folder's ACL
 * @return the created etc folder
 */
private RepositoryFile createEtcFolder( ITenant tenant, RepositoryFile tenantRootFolder,
    RepositoryFileSid fileOwnerSid ) {
  final RepositoryFileSid authenticatedRoleSid =
      new RepositoryFileSid( tenantedRoleNameResolver.getPrincipleId( tenant, tenantAuthenticatedRoleName ),
          Type.ROLE );
  final RepositoryFileSid adminRoleSid =
      new RepositoryFileSid( tenantedRoleNameResolver.getPrincipleId( tenant, tenantAdminRoleName ), Type.ROLE );

  final RepositoryFile etcFolder = repositoryFileDao.createFolder(
      tenantRootFolder.getId(),
      new RepositoryFile.Builder( ServerRepositoryPaths.getTenantEtcFolderName() ).folder( true ).build(),
      new RepositoryFileAcl.Builder( fileOwnerSid )
          .entriesInheriting( true )
          .ace( authenticatedRoleSid, EnumSet.of( RepositoryFilePermission.READ ) )
          .ace( adminRoleSid, EnumSet.of( RepositoryFilePermission.ALL ) )
          .build(),
      null );

  final RepositoryFile pdiFolder = repositoryFileDao.createFolder(
      etcFolder.getId(),
      new RepositoryFile.Builder( "pdi" ).folder( true ).build(),
      new RepositoryFileAcl.Builder( fileOwnerSid ).entriesInheriting( true ).build(),
      null );

  // Children of pdi, created in this fixed order with identical owner-only, inheriting ACLs.
  final String[] pdiChildren = { "databases", "slaveServers", "clusterSchemas", "partitionSchemas" };
  for ( String childName : pdiChildren ) {
    repositoryFileDao.createFolder(
        pdiFolder.getId(),
        new RepositoryFile.Builder( childName ).folder( true ).build(),
        new RepositoryFileAcl.Builder( fileOwnerSid ).entriesInheriting( true ).build(),
        null );
  }

  repositoryFileDao.createFolder(
      etcFolder.getId(),
      new RepositoryFile.Builder( "metastore" ).folder( true ).build(),
      new RepositoryFileAcl.Builder( fileOwnerSid ).entriesInheriting( true ).build(),
      null );

  return etcFolder;
}