/**
 * Grants every permission in {@code permissions} to every sid in {@code sids} on {@code target}
 * and persists the resulting ACL.
 *
 * <p>The ACL is built by {@code aclUtil.grant} and written with
 * {@code mutableAclService.updateAcl}. No authorization check is made in this method itself, so
 * any guard on who may change the ACL has to come from the caller or from the services called
 * here (not visible in this excerpt).
 *
 * @param sids        security identities that receive the permissions
 * @param permissions permissions to grant
 * @param target      secured object whose ACL is modified
 */
public void grant(List<? extends Sid> sids, List<Permission> permissions, Entity target) {
    final MutableAcl updatedAcl = aclUtil.grant(sids, permissions, target);
    // Nothing is stored until updateAcl is called with the modified ACL.
    mutableAclService.updateAcl(updatedAcl);
}
/**
 * Restricts every permission in {@code permissions} for every sid in {@code sids} on
 * {@code target} and persists the resulting ACL.
 *
 * <p>NOTE(review): the ACL change is delegated to {@code aclUtil.restrict}. Whether that writes
 * a denying entry or removes a granting one cannot be seen here; confirm which, because
 * {@code delete(...)} exists alongside this method and the two should not be confused when
 * revoking access.
 *
 * @param sids        security identities the restriction applies to
 * @param permissions permissions to restrict
 * @param target      secured object whose ACL is modified
 */
public void restrict(List<? extends Sid> sids, List<Permission> permissions, Entity target) {
    final MutableAcl updatedAcl = aclUtil.restrict(sids, permissions, target);
    // Nothing is stored until updateAcl is called with the modified ACL.
    mutableAclService.updateAcl(updatedAcl);
}
/**
 * Deletes every permission in {@code permissions} for every sid in {@code sids} on
 * {@code target} and persists the resulting ACL.
 *
 * <p>The entries to drop are selected by {@code aclUtil.delete}; this method only stores the ACL
 * it returns. No authorization check is made in this method itself.
 *
 * @param sids        security identities whose entries are deleted
 * @param permissions permissions to delete
 * @param target      secured object whose ACL is modified
 */
public void delete(List<? extends Sid> sids, List<Permission> permissions, Entity target) {
    final MutableAcl updatedAcl = aclUtil.delete(sids, permissions, target);
    // Nothing is stored until updateAcl is called with the modified ACL.
    mutableAclService.updateAcl(updatedAcl);
}
/**
 * Removes the access-control entry of {@code sid} from the ACL of {@code objectIdentity}, if one
 * exists.
 *
 * <p>The ACL is loaded for that single sid and is written back only when
 * {@code deleteAceIfExists} returns {@code true}, so an unchanged ACL causes no update call.
 *
 * @param sid            security identity whose entry is removed
 * @param objectIdentity identity of the secured object
 */
private void removePermissionForSid(Sid sid, ObjectIdentity objectIdentity) {
    MutableAcl sidAcl =
        (MutableAcl) mutableAclService.readAclById(objectIdentity, singletonList(sid));
    if (!deleteAceIfExists(sid, sidAcl)) {
        // Nothing was removed, so there is nothing to persist.
        return;
    }
    mutableAclService.updateAcl(sidAcl);
}
/**
 * Sets {@code permission} as the granting entry of {@code sid} on the ACL of
 * {@code objectIdentity}, replacing any entry {@code deleteAceIfExists} removes for that sid.
 *
 * @param sid            security identity that receives the permission
 * @param objectIdentity identity of the secured object
 * @param permission     permission to grant
 */
private void createSidPermission(
    Sid sid,
    ObjectIdentity objectIdentity,
    org.springframework.security.acls.model.Permission permission) {
    final MutableAcl sidAcl =
        (MutableAcl) mutableAclService.readAclById(objectIdentity, singletonList(sid));

    // Remove the previous entry first so the sid does not end up with two entries.
    deleteAceIfExists(sid, sidAcl);

    // The new entry goes to index 0, i.e. ahead of every existing entry.
    // NOTE(review): with an order-sensitive granting strategy (Spring Security's default takes
    // the first matching entry) this grant takes precedence over later entries; confirm that
    // is intended.
    final boolean granting = true;
    sidAcl.insertAce(0, permission, sid, granting);

    mutableAclService.updateAcl(sidAcl);
}
/**
 * Appends a granting entry for {@code sid} with {@code permissionSet} to the ACL of
 * {@code objectIdentity} and persists the ACL.
 *
 * <p>Existing entries are left in place, including any the same sid already has.
 *
 * @param objectIdentity identity of the secured object
 * @param permissionSet  permission set to grant
 * @param sid            security identity that receives the permission set
 */
@Override
public void grant(ObjectIdentity objectIdentity, PermissionSet permissionSet, Sid sid) {
    final MutableAcl targetAcl = (MutableAcl) mutableAclService.readAclById(objectIdentity);

    // Insert after the current last entry, so all existing entries stay ahead of the new one.
    final int tailIndex = targetAcl.getEntries().size();
    targetAcl.insertAce(tailIndex, permissionSet, sid, true);

    mutableAclService.updateAcl(targetAcl);
}
/**
 * Appends a granting {@code PermissionSet.WRITEMETA} entry for the security-context sid to the
 * ACL of every entity type in {@code entityTypes}.
 *
 * <p>The ACL reads and updates run inside {@code runAsSystem}. This method does not check
 * whether the caller may be given the permission.
 *
 * @param entityTypes entity types whose ACLs receive the entry
 */
@Override
public void giveUserWriteMetaPermissions(Collection<EntityType> entityTypes) {
    // The sid is resolved before entering runAsSystem and captured by the lambda.
    // NOTE(review): presumably this is the caller's sid, and resolving it inside the system
    // block would yield a different identity; confirm, and keep this ordering.
    Sid callerSid = SidUtils.createSecurityContextSid();
    runAsSystem(
        () ->
            entityTypes.forEach(
                type -> {
                    EntityTypeIdentity typeIdentity = new EntityTypeIdentity(type);
                    MutableAcl typeAcl = (MutableAcl) mutableAclService.readAclById(typeIdentity);
                    // Append after the existing entries rather than ahead of them.
                    int tailIndex = typeAcl.getEntries().size();
                    typeAcl.insertAce(tailIndex, PermissionSet.WRITEMETA, callerSid, true);
                    mutableAclService.updateAcl(typeAcl);
                }));
}
} // closes the enclosing type, whose header is outside this excerpt
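/**
 * Replaces all entries of the secured object's ACL with a single granting entry for
 * {@code sid} and makes {@code sid} the ACL owner.
 *
 * <p>The masks of all {@code permissions} are OR-ed into one mask; an empty array therefore
 * yields an entry with mask 0.
 *
 * <p>NOTE(review): the reset removes the entries of every sid on this ACL, not only those of
 * {@code sid}, and it transfers ownership. Under Spring Security's default authorization
 * strategy the owner may change the ACL; confirm both effects are intended.
 *
 * @param objectClass class of the secured object, used to look up its object identity
 * @param securedId   identifier of the secured object
 * @param sid         security identity that receives the new entry and the ownership
 * @param permissions permissions whose masks are combined into the new entry
 * @throws SecurityException if no object identity or no ACL exists for the secured object
 */
private void resetAclRecords(Class<? extends ISecuredObject<?>> objectClass, Long securedId, Sid sid,
        sk.seges.acris.security.shared.user_management.domain.Permission[] permissions) {
    AclSecuredObjectIdentityData objectIdentity = getParentObjectIdentity(objectClass, securedId);
    if (objectIdentity == null) {
        throw new SecurityException("Could not update acl entry for aclId: " + securedId + " sid: " + sid
                + " cause acl object identity not found!");
    }

    MutableAcl acl;
    try {
        acl = (MutableAcl) aclService.readAclById(new ObjectIdentityImpl(objectIdentity.getJavaType(), securedId));
    } catch (NotFoundException e) {
        throw new SecurityException("Could not update acl entry for aclId: " + securedId + " sid: " + sid
                + " cause acl object identity not found!", e);
    }

    int authorityMask = 0;
    for (sk.seges.acris.security.shared.user_management.domain.Permission authority : permissions) {
        authorityMask |= authority.getMask();
    }

    // Delete from the last index down. Counting upwards while the list shrinks skips every
    // second entry, which left stale entries (and the access they grant) in the "reset" ACL.
    for (int i = acl.getEntries().size() - 1; i >= 0; i--) {
        acl.deleteAce(i);
    }

    acl.insertAce(0, permissionFactory.buildFromMask(authorityMask), sid, true);
    acl.setOwner(sid);
    aclService.updateAcl(acl);
}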