/** * @return true if the entity is a user. */ public boolean isUser() { return entry.getReference() instanceof UserSecurityReference && !(entry instanceof SecurityAccessEntry); } }
/** * Add the parents of an entry to the list of entries to explore. * * @param parents the parents of the entry * @param groups the collection where we store the found groups * @param entriesToExplore the collection holding the entries we still have to explore * @param originalEntry the original entry of the current entry (if the current entry is a shadow), null otherwise */ private void addParentsToTheListOfEntriesToExplore(Collection<SecurityCacheEntry> parents, Collection<GroupSecurityReference> groups, Deque<SecurityCacheEntry> entriesToExplore, SecurityCacheEntry originalEntry) { if (parents == null) { return; } for (SecurityCacheEntry parent : parents) { // skip this parent if the entry is a shadow and the parent is the original entry // (ie: don't explore the original entry) if (originalEntry != null && parent == originalEntry) { continue; } // Add the parent group (if we have not already seen it) SecurityReference parentRef = parent.getEntry().getReference(); if (parentRef instanceof GroupSecurityReference && groups.add((GroupSecurityReference) parentRef)) { entriesToExplore.add(parent); } } }
/** * Update an existing cached security rule entry with parents groups if it does not have any already. * * @param groups the groups to be added to this entry, if null or empty nothing will be done. * @throws ParentEntryEvictedException if one of the groups has been evicted from the cache. */ boolean updateParentGroups(Collection<GroupSecurityReference> groups) throws ParentEntryEvictedException { if (isUser() || !(entry instanceof SecurityRuleEntry)) { return false; } if (groups != null && !groups.isEmpty()) { if (this.parents == null) { this.parents = new ArrayList<SecurityCacheEntry>(groups.size()); addParentGroups(groups, null); } else { SecurityCacheEntry parent = this.parents.iterator().next(); this.parents = new ArrayList<SecurityCacheEntry>(groups.size() + 1); this.parents.add(parent); addParentGroups(groups, parent.entry.getReference()); } } return true; }
@Override public Collection<GroupSecurityReference> getImmediateGroupsFor(UserSecurityReference user) { Collection<GroupSecurityReference> groups = new HashSet<>(); SecurityCacheEntry userEntry = getEntry(user); // If the user is not in the cache, or if it is, but not as a user, but as a regular document if (userEntry == null || !userEntry.isUser()) { // In that case, the ancestors are not fully loaded return null; } for (SecurityCacheEntry parent : userEntry.parents) { // Add the parent group (if we have not already seen it) SecurityReference parentRef = parent.getEntry().getReference(); if (parentRef instanceof GroupSecurityReference) { groups.add((GroupSecurityReference) parentRef); } } return groups; }
GroupSecurityReference entryRef = (GroupSecurityReference) entry.getEntry().getReference(); if (entryRef.isGlobal()) { SecurityCacheEntry shadow = getShadowEntry(entryRef, entityWiki);