/**
 * Reports whether this ACL was loaded for every SID in {@code sids}.
 *
 * <p>A {@code null} {@code loadedSids} field means the ACL was loaded for all SIDs. A
 * {@code null} or empty {@code sids} argument means the caller did not ask for any
 * particular SID. Both cases return {@code true} without further checks.
 *
 * @param sids the SIDs the caller needs; may be {@code null} or empty
 * @return {@code true} if every requested SID equals one of the loaded SIDs
 */
@Override
public boolean isSidLoaded(List<Sid> sids) {
    // Nothing to verify: either all SIDs were loaded or no specific SID was requested.
    if (this.loadedSids == null || sids == null || sids.isEmpty()) {
        return true;
    }

    // This ACL covers a SID subset only, so every requested SID must be found in it.
    requested:
    for (Sid wanted : sids) {
        for (Sid candidate : loadedSids) {
            if (wanted.equals(candidate)) {
                continue requested; // this SID is covered, check the next one
            }
        }
        // A single uncovered SID is enough to answer "not loaded".
        return false;
    }
    return true;
}
if ((this.owner == null && rhs.owner == null) || (this.owner != null && this.owner .equals(rhs.owner))) { if (this.entriesInheriting == rhs.entriesInheriting) { if ((this.loadedSids == null && rhs.loadedSids == null)) { .size())) { for (int i = 0; i < this.loadedSids.size(); i++) { if (!this.loadedSids.get(i).equals( rhs.loadedSids.get(i))) { return false;
/**
 * Exercises {@code GrantedAuthoritySid.equals}: null, foreign type, identity, and SIDs built
 * from an equal or different authority, via both the object and the string constructor.
 */
@Test
public void testGrantedAuthoritySidEquals() throws Exception {
    GrantedAuthority ga = new SimpleGrantedAuthority("ROLE_TEST");
    Sid gaSid = new GrantedAuthoritySid(ga);

    // Degenerate arguments must never compare equal.
    assertThat(gaSid.equals(null)).isFalse();
    assertThat(gaSid.equals("DIFFERENT_TYPE_OBJECT")).isFalse();

    // Identity, and a second SID wrapping the very same authority instance.
    assertThat(gaSid.equals(gaSid)).isTrue();
    Sid sameAuthorityInstance = new GrantedAuthoritySid(ga);
    assertThat(gaSid.equals(sameAuthorityInstance)).isTrue();

    // SIDs built from freshly created authority objects.
    Sid equalAuthority = new GrantedAuthoritySid(new SimpleGrantedAuthority("ROLE_TEST"));
    assertThat(gaSid.equals(equalAuthority)).isTrue();
    Sid otherAuthority = new GrantedAuthoritySid(new SimpleGrantedAuthority("ROLE_NOT_EQUAL"));
    assertThat(gaSid.equals(otherAuthority)).isFalse();

    // SIDs built directly from the authority name.
    Sid equalByName = new GrantedAuthoritySid("ROLE_TEST");
    assertThat(gaSid.equals(equalByName)).isTrue();
    Sid otherByName = new GrantedAuthoritySid("ROLE_NOT_EQUAL");
    assertThat(gaSid.equals(otherByName)).isFalse();
}
if (currentUser.equals(acl.getOwner()) && ((changeType == CHANGE_GENERAL) || (changeType == CHANGE_OWNERSHIP))) { return;
/**
 * Exercises {@code PrincipalSid.equals}: null, foreign type, identity, and SIDs built from an
 * equal or different principal, via both the authentication and the string constructor.
 */
@Test
public void testPrincipalSidEquals() throws Exception {
    Authentication authentication = new TestingAuthenticationToken("johndoe", "password");
    Sid principalSid = new PrincipalSid(authentication);

    // Degenerate arguments must never compare equal.
    assertThat(principalSid.equals(null)).isFalse();
    assertThat(principalSid.equals("DIFFERENT_TYPE_OBJECT")).isFalse();

    // Identity, and a second SID built from the very same authentication object.
    assertThat(principalSid.equals(principalSid)).isTrue();
    Sid sameAuthentication = new PrincipalSid(authentication);
    assertThat(principalSid.equals(sameAuthentication)).isTrue();

    // The token for the same user name is created with null credentials here, and the SIDs
    // are still expected to be equal.
    Sid sameUser = new PrincipalSid(new TestingAuthenticationToken("johndoe", null));
    assertThat(principalSid.equals(sameUser)).isTrue();
    Sid otherUser = new PrincipalSid(new TestingAuthenticationToken("scott", null));
    assertThat(principalSid.equals(otherUser)).isFalse();

    // SIDs built directly from the principal name.
    Sid sameUserByName = new PrincipalSid("johndoe");
    assertThat(principalSid.equals(sameUserByName)).isTrue();
    Sid otherUserByName = new PrincipalSid("scott");
    assertThat(principalSid.equals(otherUserByName)).isFalse();
}
/**
 * Protects the ADMINISTRATION permission granted to the ACL owner.
 *
 * <p>Does nothing unless {@code sid} is the owner recorded on the ACL. If it is, and the
 * owner currently holds {@code BasePermission.ADMINISTRATION}, the call is rejected.
 *
 * @param acl the ACL whose record is inspected
 * @param sid the SID whose permission is about to be touched
 * @throws ForbiddenException if {@code sid} is the owner and holds ADMINISTRATION
 */
private void secureOwner(MutableAclRecord acl, Sid sid) {
    Message msg = MsgPicker.getMsg();
    AclRecord record = acl.getAclRecord();

    // NOTE(review): getOwner() is dereferenced unchecked; an owner-less record would raise
    // a NullPointerException here rather than a ForbiddenException. Confirm an owner is
    // always present.
    boolean sidIsOwner = record.getOwner().equals(sid);

    // The permission is looked up only for the owner, as a non-owner needs no protection.
    boolean ownerHoldsAdmin =
            sidIsOwner && BasePermission.ADMINISTRATION.equals(record.getPermission(sid));
    if (ownerHoldsAdmin) {
        // prevent changing owner's admin permission
        throw new ForbiddenException(msg.getREVOKE_ADMIN_PERMISSION());
    }
}
|| (this.granting != rhs.isGranting()) || !this.permission.equals(rhs.getPermission()) || !this.sid.equals(rhs.getSid())) { return false;
&& ace.getSid().equals(sid)) {
/**
 * Looks up an explicit decision for {@code p}, starting at {@code permission} and then
 * following its {@code impliedBy} chain.
 *
 * <p>The first matching entry decides the outcome, so for a given permission the order of
 * {@code entries} determines whether an allow or a deny entry takes effect.
 *
 * @param p the SID being checked
 * @param permission the permission requested; {@code null} yields {@code null}
 * @return the {@code allowed} flag of the first matching entry, or {@code null} when no
 *     entry matches at any level of the chain
 */
@Override
protected Boolean hasPermission(Sid p, Permission permission) {
    Permission current = permission;
    while (current != null) {
        for (Entry e : entries) {
            // Permissions are matched by reference identity, SIDs by equals().
            if (e.permission == current && e.sid.equals(p)) {
                return e.allowed;
            }
        }
        // No entry at this level: try the permission that implies this one.
        current = current.impliedBy;
    }
    // No entry matched, so this method reports no decision.
    return null;
}

private static final Logger LOGGER = Logger.getLogger(SparseACL.class.getName());
/**
 * Reports whether {@code loadedSids} covers every SID in {@code sids}.
 *
 * <p>A {@code null} {@code loadedSids} means all SIDs were loaded. A {@code null} or empty
 * {@code sids} means the caller did not ask for any particular SID. Both cases return
 * {@code true} without further checks.
 *
 * @param loadedSids the SIDs an ACL was loaded for, or {@code null} for "all"
 * @param sids the SIDs the caller needs; may be {@code null} or empty
 * @return {@code true} if every requested SID equals one of the loaded SIDs
 */
public static boolean isSidLoaded(List<Sid> loadedSids, List<Sid> sids) {
    // Nothing to verify: either all SIDs were loaded or no specific SID was requested.
    boolean nothingToCheck = loadedSids == null || sids == null || sids.isEmpty();
    if (nothingToCheck) {
        return true;
    }

    // The ACL covers a SID subset only, so every requested SID must be found in it.
    for (Sid wanted : sids) {
        boolean covered = loadedSids.stream().anyMatch(loaded -> wanted.equals(loaded));
        if (!covered) {
            return false;
        }
    }
    return true;
}
/**
 * Tells the caller whether this ACL holds data for all of the given SIDs.
 *
 * <p>Returns {@code true} immediately when {@code loadedSids} is {@code null} (all SIDs were
 * loaded) or when {@code sids} is {@code null} or empty (no specific SID was requested).
 *
 * @param sids the SIDs to look for; may be {@code null} or empty
 * @return {@code false} as soon as one requested SID has no equal among the loaded SIDs,
 *     otherwise {@code true}
 */
@Override
public boolean isSidLoaded(List<Sid> sids) {
    if (this.loadedSids == null) {
        return true; // all SIDs were loaded
    }
    if (sids == null || sids.isEmpty()) {
        return true; // the caller did not specify a SID to find
    }

    // Only a subset of SIDs was loaded; each requested SID has to appear in that subset.
    nextSid:
    for (Sid requestedSid : sids) {
        for (Sid knownSid : loadedSids) {
            if (requestedSid.equals(knownSid)) {
                continue nextSid;
            }
        }
        return false;
    }
    return true;
}
/**
 * Compares this entry with another {@code AceDataImpl} field by field.
 *
 * <p>The fields compared, in order, are {@code auditFailure}, {@code auditSuccess},
 * {@code granting}, {@code id}, {@code permission} and {@code sid}. A {@code null} object
 * field is equal only to another {@code null}.
 *
 * @param o the object to compare with
 * @return {@code true} if {@code o} is an {@code AceDataImpl} whose compared fields all match
 */
@Override
public boolean equals(Object o) {
    if (this == o) {
        return true;
    }
    if (!(o instanceof AceDataImpl)) {
        return false;
    }
    AceDataImpl other = (AceDataImpl) o;
    // Short-circuit evaluation keeps the flag checks ahead of the object comparisons.
    return auditFailure == other.auditFailure
            && auditSuccess == other.auditSuccess
            && granting == other.granting
            && (id != null ? id.equals(other.id) : other.id == null)
            && (permission != null ? permission.equals(other.permission) : other.permission == null)
            && (sid != null ? sid.equals(other.sid) : other.sid == null);
}
/**
 * Collects, per object identifier, the permission strings of the entries held by {@code sid}.
 *
 * <p>Only entries whose SID equals {@code sid} contribute. Objects with no matching entry do
 * not appear in the result.
 *
 * @param acls the ACLs to inspect, keyed by object identity
 * @param sid the SID whose entries are selected
 * @return a multimap from the identifier's string form to the permission strings
 */
private Multimap<String, String> getPermissions(Map<ObjectIdentity, Acl> acls, Sid sid) {
    Multimap<String, String> permissionsById = LinkedHashMultimap.create();
    for (Map.Entry<ObjectIdentity, Acl> aclByIdentity : acls.entrySet()) {
        String id = aclByIdentity.getKey().getIdentifier().toString();
        aclByIdentity.getValue().getEntries().stream()
                .filter(ace -> ace.getSid().equals(sid))
                .forEach(ace -> permissionsById.put(id, getPermissionString(ace)));
    }
    return permissionsById;
}
/**
 * Finds the first entry that belongs to {@code sid} and carries {@code permission}.
 *
 * @param aces the entries to search, in order
 * @param sid the SID the entry must be equal to
 * @param permission the permission the entry must be equal to
 * @return the first matching entry, or {@code null} if there is none
 */
private AccessControlEntry findAce(List<AccessControlEntry> aces, Sid sid, Permission permission) {
    for (AccessControlEntry candidate : aces) {
        if (!candidate.getSid().equals(sid)) {
            continue; // entry belongs to another SID
        }
        if (candidate.getPermission().equals(permission)) {
            return candidate;
        }
    }
    // Callers must handle the "no such entry" case explicitly.
    return null;
}
}
/**
 * Returns the first entry in {@code aces} whose SID equals {@code sid} and whose permission
 * equals {@code permission}.
 *
 * @param aces the entries to search, in order
 * @param sid the SID to match
 * @param permission the permission to match
 * @return the first matching entry, or {@code null} when no entry matches
 */
private AccessControlEntry findAce(List<AccessControlEntry> aces, Sid sid, AclPermission permission) {
    AccessControlEntry match = null;
    for (AccessControlEntry entry : aces) {
        // The permission is compared only after the SID has matched.
        if (entry.getSid().equals(sid)) {
            if (entry.getPermission().equals(permission)) {
                match = entry;
                break;
            }
        }
    }
    return match;
}
/**
 * Compares this ACL data with another {@code AclDataImpl} field by field.
 *
 * <p>The fields compared, in order, are {@code entriesInheriting}, {@code entries},
 * {@code objectIdentity}, {@code owner} and {@code parentAclData}. A {@code null} object
 * field is equal only to another {@code null}.
 *
 * @param o the object to compare with
 * @return {@code true} if {@code o} is an {@code AclDataImpl} whose compared fields all match
 */
@Override
public boolean equals(Object o) {
    if (this == o) {
        return true;
    }
    if (!(o instanceof AclDataImpl)) {
        return false;
    }
    AclDataImpl other = (AclDataImpl) o;
    // Short-circuit evaluation keeps the comparisons in their original order.
    return entriesInheriting == other.entriesInheriting
            && (entries != null ? entries.equals(other.entries) : other.entries == null)
            && (objectIdentity != null
                    ? objectIdentity.equals(other.objectIdentity)
                    : other.objectIdentity == null)
            && (owner != null ? owner.equals(other.owner) : other.owner == null)
            && (parentAclData != null
                    ? parentAclData.equals(other.parentAclData)
                    : other.parentAclData == null);
}
/**
 * Tells whether the ACL of {@code objectIdentity} contains at least one entry for {@code sid}.
 *
 * <p>The ACL is read for that single SID only, and any entry whose SID equals {@code sid}
 * counts, whatever its permission.
 *
 * @param objectIdentity the secured object
 * @param sid the SID to look for
 * @return {@code true} if an entry for {@code sid} is present
 */
@Override
public boolean exists(ObjectIdentity objectIdentity, Sid sid) {
    // NOTE(review): if mutableAclService is Spring Security's AclService, readAclById throws
    // NotFoundException when the object has no ACL, so this method would propagate it rather
    // than return false. Confirm callers expect that.
    MutableAcl acl =
            (MutableAcl) mutableAclService.readAclById(objectIdentity, singletonList(sid));
    return acl.getEntries().stream()
            .map(ace -> ace.getSid())
            .anyMatch(aceSid -> aceSid.equals(sid));
}
}
/**
 * Decides whether the current SID is the owner of the object being checked.
 *
 * <p>An owner is allowed all permissions, so a {@code true} result bypasses any per-entry
 * evaluation the caller would otherwise do.
 *
 * @param context supplies the owner SID and the current SID
 * @return {@code true} if the owner SID equals the current SID
 */
private boolean isAllowByOwner(PermissionGrantingContext context) {
    // NOTE(review): getOwnerSid() is dereferenced unchecked; a context without an owner
    // would raise a NullPointerException here. Confirm the owner is always set.
    if (context.getOwnerSid().equals(context.getCurrentSid())) {
        // if is owner then allow all permissions
        return true;
    }
    return false;
}
}
/**
 * Removes every entry of {@code acl} that belongs to {@code sid}.
 *
 * @param sid the SID whose entries are removed
 * @param acl the ACL to modify in place
 * @return {@code true} if at least one entry was deleted
 */
private boolean deleteAceIfExists(Sid sid, MutableAcl acl) {
    boolean removedAny = false;
    // Walk from the last index down so a deletion never shifts an index still to be visited.
    int index = acl.getEntries().size() - 1;
    while (index >= 0) {
        // The entry list is re-read on every pass, after any deletion.
        if (acl.getEntries().get(index).getSid().equals(sid)) {
            acl.deleteAce(index);
            removedAny = true;
        }
        index--;
    }
    return removedAny;
}
/**
 * Compares the SID of the authenticated caller with a SID stored in an ACL.
 *
 * <p>Argument order matters. Tenant handling is driven by {@code aclSid} alone, and the
 * fallback comparison is {@code aclSid.equals(authSid)}.
 *
 * <p>When {@code aclSid} has no tenant it acts as a rule common to all tenants: only the
 * granted authority, or the principal, is compared, and any tenant on {@code authSid} is
 * not consulted. Such entries therefore match callers from every tenant.
 *
 * @param authSid the SID derived from the current authentication
 * @param aclSid the SID stored in the ACL entry
 * @return {@code true} if the two SIDs are considered the same identity
 */
private boolean compareSids(Sid authSid, Sid aclSid) {
    if (!MultiTenancySupport.isNoTenant(aclSid)) {
        // The ACL SID carries a tenant: compare as ordinary objects.
        return aclSid.equals(authSid);
    }

    // The ACL SID has no tenant, so compare only the authority or principal value.
    if (authSid instanceof GrantedAuthoritySid) {
        if (!(aclSid instanceof GrantedAuthoritySid)) {
            return false;
        }
        String authAuthority = ((GrantedAuthoritySid) authSid).getGrantedAuthority();
        String aclAuthority = ((GrantedAuthoritySid) aclSid).getGrantedAuthority();
        return Objects.equals(authAuthority, aclAuthority);
    }
    if (authSid instanceof PrincipalSid) {
        if (!(aclSid instanceof PrincipalSid)) {
            return false;
        }
        String authPrincipal = ((PrincipalSid) authSid).getPrincipal();
        String aclPrincipal = ((PrincipalSid) aclSid).getPrincipal();
        return Objects.equals(authPrincipal, aclPrincipal);
    }

    // Unsupported SID type: fall back to the ordinary object comparison.
    return aclSid.equals(authSid);
}