protected boolean hasPermission(Authentication authentication, Object domainObject) { // Obtain the OID applicable to the domain object ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy .getObjectIdentity(domainObject); // Obtain the SIDs applicable to the principal List<Sid> sids = sidRetrievalStrategy.getSids(authentication); try { // Lookup only ACLs for SIDs we're interested in Acl acl = aclService.readAclById(objectIdentity, sids); return acl.isGranted(requirePermission, sids, false); } catch (NotFoundException ignore) { return false; } }
public final boolean equals(Object arg0) { if (arg0 == null) { return false; } if (!(arg0 instanceof Permission)) { return false; } Permission rhs = (Permission) arg0; return (this.mask == rhs.getMask()); }
public LegacyAceInfo(AccessControlEntry ace) { super(); this.sidInfo = new SidInfo(ace.getSid()); this.permissionMask = ace.getPermission().getMask(); }
public Object generateAllAceResponses(Acl acl) { List<AccessEntryResponse> result = new ArrayList<AccessEntryResponse>(); while (acl != null) { for (AccessControlEntry ace : acl.getEntries()) { result.add(new AccessEntryResponse(ace.getId(), ace.getSid(), ace.getPermission(), ace.isGranting())); } acl = acl.getParentAcl(); } return result; }
public CumulativePermission clear(Permission permission) { this.mask &= ~permission.getMask(); this.pattern = AclFormattingUtils.demergePatterns(this.pattern, permission.getPattern()); return this; }
public void cachePermissionsFor(Authentication authentication, Collection<?> objects) { if (objects.isEmpty()) { return; } List<ObjectIdentity> oidsToCache = new ArrayList<>(objects.size()); for (Object domainObject : objects) { if (domainObject == null) { continue; } ObjectIdentity oid = oidRetrievalStrategy.getObjectIdentity(domainObject); oidsToCache.add(oid); } List<Sid> sids = sidRetrievalStrategy.getSids(authentication); if (logger.isDebugEnabled()) { logger.debug("Eagerly loading Acls for " + oidsToCache.size() + " objects"); } aclService.readAclsById(oidsToCache, sids); }
public ObjectIdentityImpl(ObjectIdentity oid) { this(oid.getType(), String.valueOf(oid.getIdentifier())); }
public int getBatchSize() { return acl.getEntries().size(); }
private void verifyAceIndexExists(int aceIndex) { if (aceIndex < 0) { throw new NotFoundException("aceIndex must be greater than or equal to zero"); } if (aceIndex >= this.aces.size()) { throw new NotFoundException( "aceIndex must refer to an index of the AccessControlEntry list. " + "List size is " + aces.size() + ", index was " + aceIndex); } }
@Override public int hashCode() { int result = this.parentAcl != null ? this.parentAcl.hashCode() : 0; result = 31 * result + this.aclAuthorizationStrategy.hashCode(); result = 31 * result + (this.permissionGrantingStrategy != null ? this.permissionGrantingStrategy.hashCode() : 0); result = 31 * result + (this.aces != null ? this.aces.hashCode() : 0); result = 31 * result + this.objectIdentity.hashCode(); result = 31 * result + this.id.hashCode(); result = 31 * result + (this.owner != null ? this.owner.hashCode() : 0); result = 31 * result + (this.loadedSids != null ? this.loadedSids.hashCode() : 0); result = 31 * result + (this.entriesInheriting ? 1 : 0); return result; }
/** * Delegates to the {@link PermissionGrantingStrategy}. * * @throws UnloadedSidException if the passed SIDs are unknown to this ACL because the * ACL was only loaded for a subset of SIDs * @see DefaultPermissionGrantingStrategy */ @Override public boolean isGranted(List<Permission> permission, List<Sid> sids, boolean administrativeMode) throws NotFoundException, UnloadedSidException { Assert.notEmpty(permission, "Permissions required"); Assert.notEmpty(sids, "SIDs required"); if (!this.isSidLoaded(sids)) { throw new UnloadedSidException("ACL was not loaded for one or more SID"); } return permissionGrantingStrategy.isGranted(this, permission, sids, administrativeMode); }
/** * Determines whether the user has the given permission(s) on the domain object using * the ACL configuration. If the domain object is null, returns false (this can always * be overridden using a null check in the expression itself). */ public boolean hasPermission(Authentication authentication, Object domainObject, Object permission) { if (domainObject == null) { return false; } ObjectIdentity objectIdentity = objectIdentityRetrievalStrategy .getObjectIdentity(domainObject); return checkPermission(authentication, objectIdentity, permission); }
private MutableAcl initializeTransientFields(MutableAcl value) { if (value instanceof AclImpl) { FieldUtils.setProtectedFieldValue("aclAuthorizationStrategy", value, this.aclAuthorizationStrategy); FieldUtils.setProtectedFieldValue("permissionGrantingStrategy", value, this.permissionGrantingStrategy); } if (value.getParentAcl() != null) { initializeTransientFields((MutableAcl) value.getParentAcl()); } return value; }
@Override public boolean isGranted(List<Permission> permission, List<Sid> sids, boolean administrativeMode) throws NotFoundException, UnloadedSidException { Assert.notEmpty(sids, "SIDs required"); Assert.notEmpty(permission, "Permissions required"); return permissionGrantingStrategy.isGranted(this, permission, sids, administrativeMode); }
@Override public int hashCode() { int result = this.acl.hashCode(); result = 31 * result + this.permission.hashCode(); result = 31 * result + (this.id != null ? this.id.hashCode() : 0); result = 31 * result + this.sid.hashCode(); result = 31 * result + (this.auditFailure ? 1 : 0); result = 31 * result + (this.auditSuccess ? 1 : 0); result = 31 * result + (this.granting ? 1 : 0); return result; }
private void clearCacheIncludingChildren(ObjectIdentity objectIdentity) { Assert.notNull(objectIdentity, "ObjectIdentity required"); List<ObjectIdentity> children = findChildren(objectIdentity); if (children != null) { for (ObjectIdentity child : children) { clearCacheIncludingChildren(child); } } aclCache.evictFromCache(objectIdentity); }
public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) { ObjectIdentity objectIdentity = objectIdentityGenerator.createObjectIdentity( targetId, targetType); return checkPermission(authentication, objectIdentity, permission); }
public CumulativePermission set(Permission permission) { this.mask |= permission.getMask(); this.pattern = AclFormattingUtils.mergePatterns(this.pattern, permission.getPattern()); return this; }
void setPermission(Permission perm) { this.permissionMask = perm.getMask(); this.perm = null; }
private void verifyAceIndexExists(int aceIndex) { if (aceIndex < 0) { throw new NotFoundException("aceIndex must be greater than or equal to zero"); } if (aceIndex >= this.entries.size()) { throw new NotFoundException("aceIndex must refer to an index of the AccessControlEntry list. " + "List size is " + entries.size() + ", index was " + aceIndex); } }