/**
 * Tells whether this ACE is currently in the {@code Status.EFFECTIVE} state.
 *
 * @return {@code true} only when {@link #getStatus()} yields {@code Status.EFFECTIVE}
 */
public boolean isEffective() {
    Status current = getStatus();
    return current == Status.EFFECTIVE;
}
/**
 * Produces a new ACE carrying the same field values as this one.
 * <p>
 * The copy is built through the constructor rather than {@code super.clone()}.
 * NOTE(review): {@code contextData} is handed over by reference; unless the constructor copies it, the clone and
 * the original share it - confirm before mutating either side.
 *
 * @return a new ACE instance
 */
@Override
public Object clone() {
    ACE copy = new ACE(username, permission, isGranted, creator, begin, end, contextData);
    return copy;
}
/**
 * Starts a builder for an ACE on the given user and permission.
 *
 * @param username the user or group name the ACE applies to
 * @param permission the permission name the ACE covers
 * @return a fresh {@code ACEBuilder} seeded with both values
 */
public static ACEBuilder builder(String username, String permission) {
    ACEBuilder seeded = new ACEBuilder(username, permission);
    return seeded;
}
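/**
 * Sets the rules of the named ACL from the given user entries, creating the ACL when it does not exist yet.
 * <p>
 * For every entry the granted permissions are added first, then the denied ones, each as its own ACE.
 * NOTE(review): if ACL evaluation is first-match (not visible here), a permission listed as both granted and denied
 * for the same user resolves to the grant - confirm this is intended.
 *
 * @param aclName name of the ACL to update
 * @param userEntries entries whose granted and denied permissions become ACEs; must not be {@code null}
 * @param overwrite when {@code true} and the ACL already exists, all of its current ACEs are removed first
 * @throws NullPointerException if {@code userEntries} is {@code null}
 */
@Override
public void setRules(String aclName, UserEntry[] userEntries, boolean overwrite) {
    // Reject a null array before touching any state: failing later in the loop would leave the ACL
    // created or cleared while the cache still held results computed from the old rules.
    if (userEntries == null) {
        throw new NullPointerException("'userEntries' cannot be null");
    }
    try {
        ACL acl = getACL(aclName);
        if (acl == null) {
            // create the local ACL
            acl = new ACLImpl(aclName);
            addACL(acl);
        } else if (overwrite) {
            // :XXX: Should not overwrite entries not given as parameters here.
            acl.clear();
        }
        for (UserEntry entry : userEntries) {
            String username = entry.getUserName();
            for (String permission : entry.getGrantedPermissions()) {
                acl.add(new ACE(username, permission, true));
            }
            for (String permission : entry.getDeniedPermissions()) {
                acl.add(new ACE(username, permission, false));
            }
        }
    } finally {
        // Clear the cache even when an entry fails half-way, so a partially updated ACL is never
        // paired with stale cached results. Assumes `cache` holds only derived data - confirm.
        cache.clear();
    }
}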
/**
 * Resolves what a single ACE says about a set of principals and permissions.
 * <p>
 * The first principal/permission pair that matches the ACE decides the result. Permissions are compared only for
 * principals that already match the ACE's user.
 * <p>
 * This method does not look at the ACE's status. NOTE(review): callers are presumably expected to skip pending or
 * archived ACEs before calling it - confirm at the call sites.
 *
 * @param ace the entry to evaluate
 * @param principals candidate principal names
 * @param permissions candidate permission names
 * @return {@code Access.GRANT} or {@code Access.DENY} from the ACE's granted flag on a match, otherwise
 *         {@code Access.UNKNOWN}
 */
public static Access getAccess(ACE ace, String[] principals, String[] permissions) {
    String acePerm = ace.getPermission();
    String aceUser = ace.getUsername();
    for (String candidate : principals) {
        if (!principalsMatch(aceUser, candidate)) {
            // permissions are only worth checking for a matching principal
            continue;
        }
        for (String wanted : permissions) {
            if (permissionsMatch(acePerm, wanted)) {
                if (ace.isGranted()) {
                    return Access.GRANT;
                }
                return Access.DENY;
            }
        }
    }
    return Access.UNKNOWN;
}
/**
 * Blocks inheritance on this ACL unless {@code ACE.BLOCK} is already present.
 * <p>
 * When the block is added, three things are appended in this order: an {@code EVERYTHING} ACE for
 * {@code username} (with {@code username} as creator, other builder settings left at their defaults), the ACEs
 * from {@link #getAdminEverythingACES()}, and finally {@code ACE.BLOCK}.
 * <p>
 * No authorization check happens in this method. NOTE(review): the caller is presumably responsible for verifying
 * that {@code username} may change this ACL - confirm.
 *
 * @param username the user who receives the {@code EVERYTHING} ACE and is recorded as its creator
 * @return {@code true} if the ACL was changed, {@code false} if inheritance was already blocked
 */
@Override
public boolean blockInheritance(String username) {
    List<ACE> entries = Lists.newArrayList(getACEs());
    if (entries.contains(ACE.BLOCK)) {
        // already blocked: leave the ACL untouched
        return false;
    }
    ACE userEverything = ACE.builder(username, SecurityConstants.EVERYTHING).creator(username).build();
    entries.add(userEverything);
    entries.addAll(getAdminEverythingACES());
    entries.add(ACE.BLOCK);
    setACEs(entries.toArray(new ACE[0]));
    return true;
}
/**
 * Adds an ACE to the named ACL, obtaining the ACL through {@code getOrCreateACL}.
 * <p>
 * The ACL is passed to {@code addACL} only when the add actually changed it.
 *
 * @param aclName name of the target ACL; must not be {@code null}
 * @param ace the entry to add (not null-checked here)
 * @return {@code true} if the ACL changed
 * @throws NullPointerException if {@code aclName} is {@code null}
 */
@Override
public boolean addACE(String aclName, ACE ace) {
    if (aclName == null) {
        throw new NullPointerException("'aclName' cannot be null");
    }
    ACL target = getOrCreateACL(aclName);
    if (!target.add(ace)) {
        return false;
    }
    addACL(target);
    return true;
}
/**
 * Builds one granting {@code EVERYTHING} ACE per administrators group.
 * <p>
 * The group names come from the {@code AdministratorGroupsProvider} service. The service lookup result is not
 * null-checked, so a missing service surfaces as a {@code NullPointerException}.
 *
 * @return a new mutable list with one ACE per administrators group
 */
protected List<ACE> getAdminEverythingACES() {
    AdministratorGroupsProvider groupsProvider = Framework.getService(AdministratorGroupsProvider.class);
    List<ACE> adminAces = new ArrayList<>();
    for (String group : groupsProvider.getAdministratorsGroups()) {
        ACE grantAll = new ACE(group, SecurityConstants.EVERYTHING, true);
        adminAces.add(grantAll);
    }
    return adminAces;
}
/**
 * Checks a principal against the user name stored on an ACE.
 * <p>
 * The comparison itself is done by the {@code (String, String)} overload.
 *
 * @param ace the entry whose user name is compared
 * @param principal the principal name to test
 * @return the result of the string-based overload
 */
private static boolean principalsMatch(ACE ace, String principal) {
    return principalsMatch(ace.getUsername(), principal);
}
/**
 * Checks whether the permission held by an ACE covers the requested permission.
 * <p>
 * An ACE on {@code EVERYTHING} covers every requested permission except {@code RESTRICTED_READ}, which has to be
 * named explicitly on the ACE. Any other case requires the two permission names to be equal.
 *
 * @param ace the entry whose permission is compared
 * @param permission the requested permission
 * @return {@code true} if the ACE's permission covers {@code permission}
 */
private static boolean permissionsMatch(ACE ace, String permission) {
    String held = ace.getPermission();
    // RESTRICTED_READ needs special handling, is not implied by EVERYTHING.
    boolean coveredByEverything = !SecurityConstants.RESTRICTED_READ.equals(permission)
            && SecurityConstants.EVERYTHING.equals(held);
    return coveredByEverything || StringUtils.equals(held, permission);
}
/**
 * Removes an ACE from the named ACL.
 * <p>
 * The ACL is obtained through {@code getOrCreateACL}, so a removal request for an ACL name that does not exist
 * still goes through that create path. The ACL is passed to {@code addACL} only when the removal changed it.
 *
 * @param aclName name of the target ACL; must not be {@code null}
 * @param ace the entry to remove
 * @return {@code true} if the ACL changed
 * @throws NullPointerException if {@code aclName} is {@code null}
 */
@Override
public boolean removeACE(String aclName, ACE ace) {
    if (aclName == null) {
        throw new NullPointerException("'aclName' cannot be null");
    }
    ACL target = getOrCreateACL(aclName);
    if (!target.remove(ace)) {
        return false;
    }
    addACL(target);
    return true;
}
/**
 * Removes every ACE of the given user from all ACLs.
 * <p>
 * Each ACL that actually lost entries is passed to {@code addACL}.
 * NOTE(review): {@code addACL} runs while {@code acls} is being iterated; this is only safe if it does not
 * structurally modify that collection - confirm.
 *
 * @param username the user whose entries are removed
 * @return {@code true} if at least one ACL changed
 */
@Override
public boolean removeACEsByUsername(String username) {
    boolean anyRemoved = false;
    for (ACL acl : acls) {
        if (!acl.removeByUsername(username)) {
            continue;
        }
        addACL(acl);
        anyRemoved = true;
    }
    return anyRemoved;
}
/**
 * Returns this ACE's status as a {@code Long}.
 * <p>
 * The result is {@code null} when neither a begin nor an end date is set, which means the ACE is effective.
 * Otherwise it is 0 for PENDING, 1 for EFFECTIVE and 2 for ARCHIVED.
 * <p>
 * The number is the ordinal of the {@code Status} constant, so the mapping above depends on the declaration order
 * of that enum.
 *
 * @since 7.4
 */
public Long getLongStatus() {
    if (begin != null || end != null) {
        int position = getStatus().ordinal();
        return Long.valueOf(position);
    }
    return null;
}
/**
 * Creates the ACE from the values collected so far.
 *
 * @return a new ACE built from the current field values
 */
public ACE build() {
    ACE built = new ACE(username, permission, isGranted, creator, begin, end, contextData);
    return built;
}
}
/**
 * Tells whether this ACE is currently in the {@code Status.PENDING} state.
 *
 * @return {@code true} only when {@link #getStatus()} yields {@code Status.PENDING}
 */
public boolean isPending() {
    Status current = getStatus();
    return current == Status.PENDING;
}
/**
 * Tells whether this ACE is currently in the {@code Status.ARCHIVED} state.
 *
 * @return {@code true} only when {@link #getStatus()} yields {@code Status.ARCHIVED}
 */
public boolean isArchived() {
    Status current = getStatus();
    return current == Status.ARCHIVED;
}