// Excerpt from a larger method: collects display metadata for one repository file.
// Last-modified timestamp exactly as the repository file reports it.
Date modifiedDate = repositoryFile.getLastModifiedDate();
// The owner name is read from the ACL; when no ACL object was supplied the owner is
// reported as an empty string rather than failing, so "" here means "owner unknown".
String ownerName = repositoryFileAcl != null ? repositoryFileAcl.getOwner().getName() : "";
boolean deleted = isDeleted( repositoryFile );
// NOTE(review): findDirectory is defined outside this excerpt; what it returns for an
// unknown parentPath cannot be told from here.
RepositoryDirectoryInterface directory = findDirectory( parentPath );
ObjectRecipient owner = new RepositoryObjectRecipient( sid.getName() ); if ( sid.getType().equals( RepositoryFileSid.Type.USER ) ) { owner.setType( Type.USER ); EnumSet<RepositoryFilePermission> permissionSet = EnumSet.noneOf( RepositoryFilePermission.class ); RepositoryFileSid aceSid = ace.getSid(); ObjectRecipient recipient = new RepositoryObjectRecipient( aceSid.getName() ); if ( aceSid.getType().equals( RepositoryFileSid.Type.USER ) ) { recipient.setType( Type.USER );
/**
 * Reports the current user as the mock repository's root SID.
 *
 * @return the name of {@code MockUnifiedRepository.root()}
 */
@Override
public String getUser() {
  // This provider always answers with the root identity; it never consults a security context.
  final String rootName = MockUnifiedRepository.root().getName();
  return rootName;
}
/**
 * Appends an access control entry for {@code recipient} to the ACL of the file {@code id}.
 *
 * <p>The recipient name is tenant-qualified first when it carries no tenant: user SIDs go
 * through the user-name utilities, every other SID type through the role-name utilities.
 *
 * @param id identifier of the file whose ACL is extended; must not be null
 * @param recipient SID that receives the permissions; must not be null
 * @param permission permissions granted by the new entry; must not be null
 * @throws RuntimeException with the access-denied message when kiosk mode is enabled
 */
public void addAce( final Serializable id, final RepositoryFileSid recipient,
    final EnumSet<RepositoryFilePermission> permission ) {
  // Kiosk mode rejects the ACL change before any argument is inspected.
  if ( isKioskEnabled() ) {
    throw new RuntimeException( Messages.getInstance().getString(
        "JcrRepositoryFileDao.ERROR_0006_ACCESS_DENIED" ) ); //$NON-NLS-1$
  }
  Assert.notNull( id );
  Assert.notNull( recipient );
  Assert.notNull( permission );

  final RepositoryFileAcl currentAcl = getAcl( id );
  Assert.notNull( currentAcl );

  // TODO mlowery find an ACE with the recipient and update that rather than adding a new ACE
  final boolean userSid = recipient.getType().equals( Type.USER );
  final String plainName = recipient.getName();
  final boolean lacksTenant = userSid
      ? JcrTenantUtils.getUserNameUtils().getTenant( plainName ) == null
      : JcrTenantUtils.getRoleNameUtils().getTenant( plainName ) == null;

  RepositoryFileSid effectiveSid = recipient;
  if ( lacksTenant ) {
    // Qualify with the resolver that matches the SID type, so the stored principal name
    // has the format the rest of the ACL code expects for that type.
    effectiveSid = new RepositoryFileSid(
        userSid ? JcrTenantUtils.getTenantedUser( plainName ) : JcrTenantUtils.getTenantedRole( plainName ),
        recipient.getType() );
  }

  updateAcl( new RepositoryFileAcl.Builder( currentAcl ).ace( effectiveSid, permission ).build() );
  // The debug line records the SID as the caller passed it, not the tenant-qualified one
  // that was written to the ACL.
  logger.debug( "added ace: id=" + id + ", sid=" + recipient + ", permission=" + permission ); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
}
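/**
 * Appends an access control entry for {@code recipient} to the ACL of the file {@code id}.
 *
 * <p>A recipient name without a tenant is tenant-qualified before it is stored. Role SIDs are
 * checked and qualified with the role-name utilities; every other SID type keeps the
 * user-name path. Previously role SIDs were also run through the user-name utilities, so a
 * role entry could be stored under a user-formatted principal name.
 *
 * @param session JCR session used to read and write the ACL
 * @param pentahoJcrConstants constants holder passed through to {@code getAcl}
 * @param id identifier of the file whose ACL is extended
 * @param recipient SID that receives the permissions
 * @param permission permissions granted by the new entry
 * @throws RepositoryException if reading or updating the ACL fails
 */
public static void addAce( final Session session, final PentahoJcrConstants pentahoJcrConstants,
    final Serializable id, final RepositoryFileSid recipient,
    final EnumSet<RepositoryFilePermission> permission ) throws RepositoryException {
  RepositoryFileSid newRecipient = recipient;
  final String recipientName = recipient.getName();
  if ( RepositoryFileSid.Type.ROLE == recipient.getType() ) {
    // Role names have their own resolver; using the user resolver here would store a
    // principal name that role lookups may not recognise.
    if ( JcrTenantUtils.getRoleNameUtils().getTenant( recipientName ) == null ) {
      newRecipient =
          new RepositoryFileSid( JcrTenantUtils.getTenantedRole( recipientName ), recipient.getType() );
    }
  } else {
    // Users, and any SID whose type is not ROLE, keep the original user-name handling.
    if ( JcrTenantUtils.getUserNameUtils().getTenant( recipientName ) == null ) {
      newRecipient =
          new RepositoryFileSid( JcrTenantUtils.getTenantedUser( recipientName ), recipient.getType() );
    }
  }
  RepositoryFileAcl acl = getAcl( session, pentahoJcrConstants, id );
  RepositoryFileAcl updatedAcl = new RepositoryFileAcl.Builder( acl ).ace( newRecipient, permission ).build();
  updateAcl( session, updatedAcl );
}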
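/**
 * Replaces the owner recorded in the ACL of {@code file}.
 *
 * <p>An owner name without a tenant is tenant-qualified before it is stored. Role owners are
 * checked and qualified with the role-name utilities; every other SID type keeps the
 * user-name path. Previously a role owner was also run through the user-name utilities.
 *
 * @param session JCR session used to read and write the ACL
 * @param pentahoJcrConstants constants holder passed through to {@code getAcl}
 * @param file file whose ACL owner is replaced
 * @param owner SID of the new owner
 * @throws RepositoryException if reading or updating the ACL fails
 */
public static void setOwner( final Session session, final PentahoJcrConstants pentahoJcrConstants,
    final RepositoryFile file, final RepositoryFileSid owner ) throws RepositoryException {
  RepositoryFileSid newOwnerSid = owner;
  final String ownerName = owner.getName();
  if ( RepositoryFileSid.Type.ROLE == owner.getType() ) {
    // Qualify a role owner with the role resolver so the stored name matches its SID type.
    if ( JcrTenantUtils.getRoleNameUtils().getTenant( ownerName ) == null ) {
      newOwnerSid = new RepositoryFileSid( JcrTenantUtils.getTenantedRole( ownerName ), owner.getType() );
    }
  } else {
    // Users, and any SID whose type is not ROLE, keep the original user-name handling.
    if ( JcrTenantUtils.getUserNameUtils().getTenant( ownerName ) == null ) {
      newOwnerSid = new RepositoryFileSid( JcrTenantUtils.getTenantedUser( ownerName ), owner.getType() );
    }
  }
  RepositoryFileAcl acl = getAcl( session, pentahoJcrConstants, file.getId() );
  RepositoryFileAcl newAcl = new RepositoryFileAcl.Builder( acl ).owner( newOwnerSid ).build();
  updateAcl( session, newAcl );
}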
/**
 * Converts one access control entry into its DTO form.
 *
 * @param v entry to convert; it and its SID are dereferenced without a null check
 * @return DTO carrying the recipient name, the recipient type as an enum ordinal, and the
 *         permissions as converted by {@code toIntPerms}
 */
public static RepositoryFileAclAceDto toAceDto( RepositoryFileAce v ) {
  final RepositoryFileSid recipientSid = v.getSid();

  final RepositoryFileAclAceDto dto = new RepositoryFileAclAceDto();
  dto.setRecipient( recipientSid.getName() );
  // The type travels as the enum's ordinal, so the declaration order of the SID type
  // enum is part of the serialized format: reordering it would silently change which
  // kind of principal an entry names.
  dto.setRecipientType( recipientSid.getType().ordinal() );
  dto.setPermissions( toIntPerms( v.getPermissions() ) );
  return dto;
}
JcrRepositoryFileAclUtils.setAclMetadata( session, absPath, acList, new AclMetadata( acl.getOwner().getName(), acl .isEntriesInheriting() ) ); Principal principal = null; if ( RepositoryFileSid.Type.ROLE == ace.getSid().getType() ) { principal = new SpringSecurityRolePrincipal( JcrTenantUtils.getTenantedRole( ace.getSid().getName() ) ); } else { principal = new SpringSecurityUserPrincipal( JcrTenantUtils.getTenantedUser( ace.getSid().getName() ) );
JcrRepositoryFileAclUtils.setAclMetadata( session, absPath, acList, new AclMetadata( acl.getOwner().getName(), acl .isEntriesInheriting() ) ); Principal principal = null; if ( RepositoryFileSid.Type.ROLE == ace.getSid().getType() ) { String principalName = JcrTenantUtils.getRoleNameUtils().getPrincipleName( ace.getSid().getName() ); if ( tenantAdminAuthorityName.equals( principalName ) ) { adminPrincipalExist = true; principal = new SpringSecurityRolePrincipal( JcrTenantUtils.getTenantedRole( ace.getSid().getName() ) ); } else { principal = new SpringSecurityUserPrincipal( JcrTenantUtils.getTenantedUser( ace.getSid().getName() ) ); principalTenant = JcrTenantUtils.getRoleNameUtils().getTenant( acl.getAces().get( 0 ).getSid().getName() );
/**
 * Converts an ACL into its DTO form.
 *
 * @param v ACL to convert
 * @return DTO with the id as a string (null when the ACL has no id), the owner name and
 *         owner type when an owner is present, and the converted entries together with the
 *         inheritance flag
 */
@Override
public RepositoryFileAclDto marshal( final RepositoryFileAcl v ) {
  final RepositoryFileAclDto dto = new RepositoryFileAclDto();

  final Serializable aclId = v.getId();
  String idText = null;
  if ( aclId != null ) {
    idText = aclId.toString();
  }
  dto.setId( idText );

  final RepositoryFileSid ownerSid = v.getOwner();
  if ( ownerSid != null ) {
    dto.setOwner( ownerSid.getName() );
    // The owner type is sent as the enum ordinal; -1 stands for "owner has no type".
    int ownerTypeCode = -1;
    if ( ownerSid.getType() != null ) {
      ownerTypeCode = ownerSid.getType().ordinal();
    }
    dto.setOwnerType( ownerTypeCode );
  }

  dto.setAces( toAcesDto( v.getAces() ), v.isEntriesInheriting() );
  return dto;
}
// Excerpt from a test: pins the shape of the ACL under inspection.
// The ACL must not inherit entries from its parent.
assertTrue( !acl.isEntriesInheriting() );
// Exactly one entry is expected, and it must name the role "Authenticated".
assertTrue( acl.getAces().size() == 1 );
assertTrue( "Authenticated".equals( acl.getAces().get( 0 ).getSid().getName().toString() ) );
assertTrue( RepositoryFileSid.Type.ROLE.equals( acl.getAces().get( 0 ).getSid().getType() ) );
// Only the number of permissions is checked in these lines, not which permission it is.
assertTrue( acl.getAces().get( 0 ).getPermissions().size() == 1 );
/**
 * Builds the fixture: a mock repository wired into the datasource services, with the folder
 * structure the tests use created under {@code /etc}.
 *
 * <p>The folders are created while the security context holds the mock root user; the
 * context is then switched to {@code EXP_LOGIN} so that the tests themselves run as that user.
 *
 * @throws Exception if any part of the fixture cannot be initialised
 */
public void setUp() throws Exception {
  IUnifiedRepository repository =
      new MockUnifiedRepository( new MockUnifiedRepository.SpringSecurityCurrentUserProvider() );
  datasourceMgmtService = new JcrBackedDatasourceMgmtService( repository, new DatabaseDialectService() );
  datasourceMgmtWebService = new DefaultDatasourceMgmtWebService( datasourceMgmtService );
  dbConnectionAdapter = new DatabaseConnectionAdapter();

  // Seed the repository as root: no credentials and an empty authority list.
  final UsernamePasswordAuthenticationToken rootToken = new UsernamePasswordAuthenticationToken(
      MockUnifiedRepository.root().getName(), null, new ArrayList<GrantedAuthority>() );
  SecurityContextHolder.getContext().setAuthentication( rootToken );

  // The first folder is owned by root and carries one entry giving "everyone" READ and WRITE.
  repository.createFolder(
      repository.getFile( "/etc" ).getId(),
      new RepositoryFile.Builder( FOLDER_PDI ).folder( true ).build(),
      new RepositoryFileAcl.Builder( MockUnifiedRepository.root() )
          .ace( MockUnifiedRepository.everyone(), READ, WRITE ).build(),
      null );
  // The second folder is created without an explicit ACL.
  repository.createFolder(
      repository.getFile( "/etc/pdi" ).getId(),
      new RepositoryFile.Builder( FOLDER_DATABASES ).folder( true ).build(),
      null );

  // From here on the tests act as EXP_LOGIN, again with no credentials or authorities.
  final UsernamePasswordAuthenticationToken testUserToken =
      new UsernamePasswordAuthenticationToken( EXP_LOGIN, null, new ArrayList<GrantedAuthority>() );
  SecurityContextHolder.getContext().setAuthentication( testUserToken );

  KettleClientEnvironment.init();
}
/**
 * Builds the fixture: a mock repository wired into the datasource services and the web-service
 * adapter, with the folder structure the tests use created under {@code /etc}.
 *
 * <p>The folders are created while the security context holds the mock root user; the
 * context is then switched to {@code EXP_LOGIN} so that the tests themselves run as that user.
 *
 * @throws Exception if any part of the fixture cannot be initialised
 */
@Override
protected void setUp() throws Exception {
  IUnifiedRepository repository =
      new MockUnifiedRepository( new MockUnifiedRepository.SpringSecurityCurrentUserProvider() );
  datasourceMgmtService = new JcrBackedDatasourceMgmtService( repository, new DatabaseDialectService() );
  datasourceMgmtWS = new DefaultDatasourceMgmtWebService( datasourceMgmtService );
  adapter = new DatasourceMgmtToWebServiceAdapter( datasourceMgmtWS );

  // Seed the repository as root: no credentials and an empty authority list.
  final UsernamePasswordAuthenticationToken rootToken = new UsernamePasswordAuthenticationToken(
      MockUnifiedRepository.root().getName(), null, new ArrayList<GrantedAuthority>() );
  SecurityContextHolder.getContext().setAuthentication( rootToken );

  // The first folder is owned by root and carries one entry giving "everyone" READ and WRITE.
  repository.createFolder(
      repository.getFile( "/etc" ).getId(),
      new RepositoryFile.Builder( FOLDER_PDI ).folder( true ).build(),
      new RepositoryFileAcl.Builder( MockUnifiedRepository.root() )
          .ace( MockUnifiedRepository.everyone(), READ, WRITE ).build(),
      null );
  // The second folder is created without an explicit ACL.
  repository.createFolder(
      repository.getFile( "/etc/pdi" ).getId(),
      new RepositoryFile.Builder( FOLDER_DATABASES ).folder( true ).build(),
      null );

  // From here on the tests act as EXP_LOGIN, again with no credentials or authorities.
  final UsernamePasswordAuthenticationToken testUserToken =
      new UsernamePasswordAuthenticationToken( EXP_LOGIN, null, new ArrayList<GrantedAuthority>() );
  SecurityContextHolder.getContext().setAuthentication( testUserToken );

  KettleClientEnvironment.init();
}
/**
 * Decides whether the current user may exercise all of {@code permissions} on a file.
 *
 * <p>Access is granted when the current user is the USER-typed owner of the file's ACL, or
 * when a single effective entry covers every requested permission and names the special
 * "everyone" SID, the current user, or one of the current user's roles. Permissions are never
 * combined across entries.
 *
 * @param fileId identifier of the file being checked
 * @param permissions permissions that must all be granted
 * @return {@code true} if access is granted, {@code false} otherwise
 */
private boolean hasAccess( final Serializable fileId, final EnumSet<RepositoryFilePermission> permissions ) {
  final String currentUser = currentUserProvider.getUser();
  final List<String> currentRoles = currentUserProvider.getRoles();

  final RepositoryFileAcl fileAcl = idManager.getFileById( fileId ).getAcl();
  // Owner shortcut: decided before any entry is read and regardless of which permissions
  // were requested. Only a USER-typed owner qualifies; a role owner gets no shortcut.
  if ( fileAcl.getOwner().getType() == USER && fileAcl.getOwner().getName().equals( currentUser ) ) {
    return true;
  }

  for ( RepositoryFileAce entry : internalGetEffectiveAces( fileId ) ) {
    // Entry for the special "everyone" SID.
    if ( entry.getSid().equals( everyone() ) && entry.getPermissions().containsAll( permissions ) ) {
      return true;
    }
    // Entry naming the current user directly.
    if ( entry.getSid().getType() == USER && entry.getSid().getName().equals( currentUser )
        && entry.getPermissions().containsAll( permissions ) ) {
      return true;
    }
    // Entry naming one of the current user's roles.
    for ( String roleName : currentRoles ) {
      if ( entry.getSid().getType() == ROLE && entry.getSid().getName().equals( roleName )
          && entry.getPermissions().containsAll( permissions ) ) {
        return true;
      }
    }
  }
  // No single entry covered the request: deny.
  return false;
}
// Excerpt: starts a new ACL builder from an existing ACL's id and owner name, then copies
// the existing entries into it.
// NOTE(review): the third argument is the literal RepositoryFileSid.Type.ROLE, not
// acl.getOwner().getType(). Presumably it is the owner's SID type; if so, an ACL whose owner
// is a user would be rebuilt with a role owner of the same name. Confirm this is intended.
RepositoryFileAcl.Builder aclBuilder = new RepositoryFileAcl.Builder( acl.getId(), acl.getOwner().getName(), RepositoryFileSid.Type.ROLE );
aclBuilder.aces( acl.getAces() );