/**
 * Flattens an ACL and every ancestor ACL into a list of response objects.
 *
 * <p>Starts at {@code acl} and follows {@code getParentAcl()} until it returns {@code null},
 * emitting one {@link AccessEntryResponse} per entry in visiting order: the ACL's own
 * entries first, then each parent's. Parent entries are added unconditionally; this method
 * does not check whether the child is configured to inherit them. Granting and denying
 * entries are both returned, so consumers must read the granting flag on each response.
 *
 * @param acl the ACL to start from; {@code null} yields an empty list
 * @return a mutable {@code List<AccessEntryResponse>}, declared as {@code Object}
 */
public Object generateAllAceResponses(Acl acl) {
    List<AccessEntryResponse> responses = new ArrayList<AccessEntryResponse>();
    for (Acl current = acl; current != null; current = current.getParentAcl()) {
        for (AccessControlEntry entry : current.getEntries()) {
            AccessEntryResponse response = new AccessEntryResponse(
                    entry.getId(), entry.getSid(), entry.getPermission(), entry.isGranting());
            responses.add(response);
        }
    }
    return responses;
}
/**
 * Builds responses for the entries of a single ACL, optionally filtered by SID name.
 *
 * <p>Only the entries of {@code acl} itself are considered; parent ACLs are not walked.
 * When {@code nameSeg} is {@code null} nothing is filtered and every entry is returned.
 * Otherwise an entry is kept only if {@code needAdd(nameSeg, isCaseSensitive, name)} accepts
 * the name that {@code getName} derives from the entry's SID.
 *
 * @param acl the ACL to read; {@code null} yields an empty list
 * @param nameSeg name fragment handed to {@code needAdd}, or {@code null} for no filter
 * @param isCaseSensitive passed through to {@code needAdd}
 * @return the retained entries as responses, in ACL order
 */
public List<AccessEntryResponse> generateAceResponsesByFuzzMatching(Acl acl, String nameSeg, boolean isCaseSensitive) {
    if (acl == null) {
        return Collections.emptyList();
    }

    final boolean filterByName = nameSeg != null;
    List<AccessEntryResponse> matches = new ArrayList<AccessEntryResponse>();
    for (AccessControlEntry entry : acl.getEntries()) {
        // Short-circuit keeps needAdd/getName from being called when no filter was supplied.
        boolean keep = !filterByName || needAdd(nameSeg, isCaseSensitive, getName(entry.getSid()));
        if (keep) {
            matches.add(new AccessEntryResponse(
                    entry.getId(), entry.getSid(), entry.getPermission(), entry.isGranting()));
        }
    }
    return matches;
}
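/**
 * Verifies that {@link AccessControlEntryImpl} returns from each getter exactly the value
 * handed to its constructor, including the two audit flags that are only reachable through
 * {@link AuditableAccessControlEntry}.
 */
@Test
public void testAccessControlEntryImplGetters() {
    Acl mockAcl = mock(Acl.class);
    Sid sid = new PrincipalSid("johndoe");

    // Create a sample entry with all three boolean flags set to true
    AccessControlEntry ace = new AccessControlEntryImpl(Long.valueOf(1), mockAcl, sid,
            BasePermission.ADMINISTRATION, true, true, true);

    // and check every get() method
    // Long.valueOf replaces the deprecated Long(long) constructor; equals() is unaffected.
    assertThat(ace.getId()).isEqualTo(Long.valueOf(1));
    assertThat(ace.getAcl()).isEqualTo(mockAcl);
    assertThat(ace.getSid()).isEqualTo(sid);
    assertThat(ace.isGranting()).isTrue();
    assertThat(ace.getPermission()).isEqualTo(BasePermission.ADMINISTRATION);

    // The audit flags are not part of AccessControlEntry, hence the cast.
    AuditableAccessControlEntry auditable = (AuditableAccessControlEntry) ace;
    assertThat(auditable.isAuditFailure()).isTrue();
    assertThat(auditable.isAuditSuccess()).isTrue();
}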
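/**
 * Rewrites the entries of {@code acl} in place so that each one carries an identifier.
 *
 * <p>The entry list is reached reflectively through the private {@code aces} field of
 * {@link AclImpl}, which bypasses the class's own mutation methods. Each existing entry is
 * replaced by a new {@link AccessControlEntryImpl} whose id is its 1-based position; all
 * other attributes are copied over unchanged.
 *
 * @param acl the ACL to renumber; it must be an {@link AclImpl} (the reflective read
 *        fails otherwise) and its entries must implement
 *        {@link AuditableAccessControlEntry} (they are cast without a type check)
 * @return the same {@code acl} instance
 * @throws NotFoundException declared by the signature; nothing in this body throws it
 * @throws IllegalStateException if the {@code aces} field cannot be read, so that a failed
 *         rewrite is never reported to the caller as a successful update
 */
@SuppressWarnings("unchecked")
public MutableAcl updateAcl(MutableAcl acl) throws NotFoundException {
    // NOTE(review): the loop below relies on getEntries() returning a copy rather than the
    // backing list; if it were the live list, clear() would empty it too. Confirm.
    List<AccessControlEntry> oldAces = acl.getEntries();
    Field acesField = FieldUtils.getField(AclImpl.class, "aces");
    acesField.setAccessible(true);

    try {
        // Unchecked: the field's declared element type is not visible through reflection.
        List<AccessControlEntry> newAces = (List<AccessControlEntry>) acesField.get(acl);
        newAces.clear();

        for (int i = 0; i < oldAces.size(); i++) {
            AccessControlEntry ac = oldAces.get(i);
            AuditableAccessControlEntry auditable = (AuditableAccessControlEntry) ac;
            // Just give an ID to all this acl's aces, rest of the fields are just copied
            newAces.add(new AccessControlEntryImpl((i + 1), ac.getAcl(), ac.getSid(),
                    ac.getPermission(), ac.isGranting(),
                    auditable.isAuditSuccess(), auditable.isAuditFailure()));
        }
    }
    catch (IllegalAccessException e) {
        // Previously printed and ignored, which returned the ACL as if it had been updated.
        throw new IllegalStateException("Unable to read AclImpl.aces to assign entry ids", e);
    }

    return acl;
}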
// topParent, entry 0: both audit flags off, entry is granting
assertThat(((AuditableAccessControlEntry) topParent.getEntries().get(0)).isAuditFailure()).isFalse();
assertThat(((AuditableAccessControlEntry) topParent.getEntries().get(0)).isAuditSuccess()).isFalse();
assertThat((topParent.getEntries().get(0)).isGranting()).isTrue();

// topParent, entry 1: both audit flags off, entry is denying
assertThat(((AuditableAccessControlEntry) topParent.getEntries().get(1)).isAuditFailure()).isFalse();
assertThat(((AuditableAccessControlEntry) topParent.getEntries().get(1)).isAuditSuccess()).isFalse();
assertThat(topParent.getEntries().get(1).isGranting()).isFalse();

// middleParent, entry 0: both audit flags off, entry is granting
assertThat(((AuditableAccessControlEntry) middleParent.getEntries().get(0)).isAuditFailure()).isFalse();
assertThat(((AuditableAccessControlEntry) middleParent.getEntries().get(0)).isAuditSuccess()).isFalse();
assertThat(middleParent.getEntries().get(0).isGranting()).isTrue();

// child, entry 0: both audit flags off, entry is denying
assertThat(((AuditableAccessControlEntry) child.getEntries().get(0)).isAuditFailure()).isFalse();
assertThat(((AuditableAccessControlEntry) child.getEntries().get(0)).isAuditSuccess()).isFalse();
assertThat((child.getEntries().get(0)).isGranting()).isFalse();
// The entry must carry the DELETE mask, belong to the PrincipalSid built from auth,
// be a denying (non-granting) entry, and have a non-null id.
assertThat(entry.getPermission().getMask()).isEqualTo(BasePermission.DELETE.getMask());
assertThat(entry.getSid()).isEqualTo(new PrincipalSid(auth));
assertThat(entry.isGranting()).isFalse();
assertThat(entry.getId()).isNotNull();
if (ace.isGranting()) {
/**
 * Delegates to the wrapped {@code ace}.
 *
 * @return whatever {@code ace.isGranting()} reports
 */
public boolean isGranting() {
    final boolean granting = ace.isGranting();
    return granting;
}
/**
 * Checks whether {@code ace} records the given {@code permission} for {@code sid} with the
 * requested kind of grant.
 *
 * <p>Both {@code sid} and the entry's own SID are cast to {@link UniversalSid} without a
 * type check, so any other {@code Sid} implementation that reaches the comparison fails with
 * a {@code ClassCastException} rather than producing {@code false}.
 *
 * @param sid sid to check the permission for
 * @param ace entry holding the security information (sid, permission, grant type)
 * @param permission permission to check
 * @param isCheckAllowedGrant which type of grant to look for: 'allowed' ({@code true})
 *        or 'restricted' ({@code false})
 * @return {@code true} if the entry has the requested grant type, the same permission and
 *         the same sid id
 */
private boolean isGrantedForSid(Sid sid, AccessControlEntry ace, Permission permission, boolean isCheckAllowedGrant) {
    if (ace.isGranting() != isCheckAllowedGrant) {
        return false;
    }
    if (!permission.equals(ace.getPermission())) {
        return false;
    }
    // Sid identity is compared by id only, after the unchecked casts.
    return ((UniversalSid) sid).getSidId().equals(((UniversalSid) ace.getSid()).getSidId());
}
/**
 * Makes sure every listed permission is granted to the sid.
 *
 * <p>For each permission the current entry for {@code sid} is looked up with
 * {@code findAce}. An existing granting entry is left alone. An existing denying entry is
 * deleted and a granting one is inserted at the same index. If there is no entry, a
 * granting one is appended after the last entry. The changes are made on the in-memory
 * {@code acl}; nothing here persists them.
 *
 * @param sid to modify the ACL for
 * @param permissions that should be granted
 */
public void allow( Sid sid, List<Permission> permissions ) {
    for ( Permission wanted : permissions ) {
        List<AccessControlEntry> entries = acl.getEntries();
        int position = entries.size();
        AccessControlEntry existing = findAce( entries, sid, wanted );

        if ( existing != null ) {
            if ( existing.isGranting() ) {
                // Already granted, nothing to change for this permission.
                continue;
            }
            // Replace the denying entry in place so its position in the ACL is kept.
            position = entries.indexOf( existing );
            acl.deleteAce( position );
        }

        acl.insertAce( position, wanted, sid, true );
    }
}
/**
 * Makes sure every listed permission is denied to the sid.
 *
 * <p>For each permission the current entry for {@code sid} is looked up with
 * {@code findAce}. An existing denying entry is left alone. An existing granting entry is
 * deleted and a denying one is inserted at the same index. If there is no entry, a denying
 * one is appended after the last entry. The changes are made on the in-memory {@code acl};
 * nothing here persists them.
 *
 * @param sid to modify the ACL for
 * @param permissions that should be denied
 */
public void deny( Sid sid, List<Permission> permissions ) {
    for ( Permission unwanted : permissions ) {
        List<AccessControlEntry> entries = acl.getEntries();
        int position = entries.size();
        AccessControlEntry existing = findAce( entries, sid, unwanted );

        if ( existing != null ) {
            if ( !existing.isGranting() ) {
                // Already denied, nothing to change for this permission.
                continue;
            }
            // Replace the granting entry in place so its position in the ACL is kept.
            position = entries.indexOf( existing );
            acl.deleteAce( position );
        }

        acl.insertAce( position, unwanted, sid, false );
    }
}
/**
 * Grants, denies or revokes the given permissions for a sid on an entity's ACL and saves
 * the result.
 *
 * <p>The ACL is read through {@code aclService}; if that raises {@code NotFoundException}
 * a new ACL is created for the entity, also when the call is a revoke. For each permission
 * the existing entry found by {@code findAce} is removed when revoking or when its
 * granting flag differs from {@code grantAction}. Unless revoking, an entry with the
 * requested flag is then inserted at the removed entry's index, or appended if there was
 * none. The ACL is written back with {@code aclService.updateAcl}.
 *
 * @param sid the sid whose entries are changed
 * @param entity the entity whose ACL is changed
 * @param grantAction {@code true} to grant, {@code false} to deny, {@code null} to revoke
 * @param aclPermissions the permissions to process
 */
private void updateAces( Sid sid, IdBasedEntity entity, Boolean grantAction, AclPermission... aclPermissions ) {
    final boolean revoking = grantAction == null;
    ObjectIdentity identity = objectIdentity( entity );

    MutableAcl acl;
    try {
        acl = (MutableAcl) aclService.readAclById( identity );
    }
    catch ( NotFoundException missing ) {
        acl = aclService.createAcl( identity );
    }

    for ( AclPermission wanted : aclPermissions ) {
        List<AccessControlEntry> entries = acl.getEntries();
        int position = entries.size();
        AccessControlEntry existing = findAce( entries, sid, wanted );

        // revoking is tested first so that a null grantAction is never unboxed.
        boolean mustRemove = existing != null
                && ( revoking || existing.isGranting() != grantAction );
        if ( mustRemove ) {
            position = entries.indexOf( existing );
            acl.deleteAce( position );
            existing = null;
        }

        if ( existing == null && !revoking ) {
            acl.insertAce( position, wanted, sid, grantAction );
        }
    }

    aclService.updateAcl( acl );
}
if(ace.isGranting()) { pb.add(acep); } else {
/**
 * Copies the field values of the given entry into this object.
 *
 * <p>The id, sid, granting flag and permission are always overwritten. The two audit flags
 * are only overwritten when {@code entry} is an {@link AuditableAccessControlEntry};
 * otherwise they keep whatever value this object already held.
 *
 * @param entry the entry to copy from
 * @return the result of {@code thiz()}
 */
public T from(AccessControlEntry entry) {
    this.id = StringUtils.valueOf(entry.getId());
    this.sid = TenantSid.from(entry.getSid());
    this.granting = entry.isGranting();
    this.permission = PermissionData.from(entry.getPermission());

    if (!(entry instanceof AuditableAccessControlEntry)) {
        return thiz();
    }

    AuditableAccessControlEntry auditable = (AuditableAccessControlEntry) entry;
    this.auditFailure = auditable.isAuditFailure();
    this.auditSuccess = auditable.isAuditSuccess();
    return thiz();
}
/**
 * Initialises this builder from an existing entry.
 *
 * <p>The id is cast to {@code Long} without a type check, so an entry whose id is of another
 * type fails with a {@code ClassCastException}. The audit flags are only set when
 * {@code entry} is an {@link AuditableAccessControlEntry}; otherwise the builder's current
 * audit values are kept.
 *
 * @param entry the entry to copy from
 * @return this builder
 */
public Builder from(AccessControlEntry entry) {
    setId((Long) entry.getId());
    setPermission(entry.getPermission());
    setSid(entry.getSid());
    setGranting(entry.isGranting());

    if (!(entry instanceof AuditableAccessControlEntry)) {
        return this;
    }

    AuditableAccessControlEntry auditable = (AuditableAccessControlEntry) entry;
    setAuditFailure(auditable.isAuditFailure());
    setAuditSuccess(auditable.isAuditSuccess());
    return this;
}
/**
 * Gets {@link org.jtalks.jcommune.model.dto.GroupsPermissions} for the provided
 * {@link org.jtalks.common.model.entity.Entity}.
 *
 * <p>For every requested permission, two sources are merged into the result: the group
 * entries returned by {@code aclManager.getGroupPermissionsOn(entity)} whose mask equals the
 * permission's mask, and the entity's ACL entries that carry the same permission and whose
 * sid id equals the anonymous user's sid id. The latter are recorded under
 * {@code AnonymousGroup.ANONYMOUS_GROUP}. Each addition carries the entry's granting flag.
 * The entity's ACL is fetched once per permission, and each entry's sid is cast to
 * {@link UniversalSid} without a type check.
 *
 * @param permissions the list of permissions to get
 * @param entity the entity to get for
 * @return {@link org.jtalks.jcommune.model.dto.GroupsPermissions} for the provided
 *         {@link org.jtalks.common.model.entity.Entity}
 */
public GroupsPermissions getPermissionsMapFor(List<JtalksPermission> permissions, Entity entity) {
    GroupsPermissions collected = new GroupsPermissions(permissions);
    List<GroupAce> groupAces = aclManager.getGroupPermissionsOn(entity);

    for (JtalksPermission permission : permissions) {
        for (GroupAce groupAce : groupAces) {
            if (groupAce.getPermissionMask() != permission.getMask()) {
                continue;
            }
            collected.add(permission, getGroup(groupAce), groupAce.isGranting());
        }

        for (AccessControlEntry entry : aclUtil.getAclFor(entity).getEntries()) {
            if (!entry.getPermission().equals(permission)) {
                continue;
            }
            boolean isAnonymous = ((UniversalSid) entry.getSid()).getSidId()
                    .equals(UserSid.createAnonymous().getSidId());
            if (isAnonymous) {
                collected.add(permission, AnonymousGroup.ANONYMOUS_GROUP, entry.isGranting());
            }
        }
    }

    return collected;
}
if (ace.isGranting()) {
if (ace.isGranting()) {