Example #1
0
  public void testAddAccessControlEntry() throws NotExecutableException, RepositoryException {
    checkCanModifyAc(path);

    Privilege[] privileges = new Privilege[] {privs[0]};
    AccessControlList acl = getList(acMgr, path);

    AccessControlEntry entry = null;
    if (acl.addAccessControlEntry(testPrincipal, privileges)) {
      AccessControlEntry[] aces = acl.getAccessControlEntries();
      for (int i = 0; i < aces.length; i++) {
        if (aces[i].getPrincipal().equals(testPrincipal)
            && Arrays.asList(privileges).equals(Arrays.asList(aces[i].getPrivileges()))) {
          entry = aces[i];
        }
      }
      if (entry == null) throw new NotExecutableException();
    } else {
      throw new NotExecutableException();
    }
    assertEquals(
        "Principal name of the ACE must be equal to the name of the passed Principal",
        testPrincipal.getName(),
        entry.getPrincipal().getName());
    assertEquals(
        "Privileges of the ACE must be equal to the passed ones",
        Arrays.asList(privileges),
        Arrays.asList(entry.getPrivileges()));
  }
Example #2
0
 protected void tearDown() throws Exception {
   try {
     // restore original entries (remove others).
     AccessControlList list = getList(acMgr, path);
     AccessControlEntry[] entries = list.getAccessControlEntries();
     for (int i = 0; i < entries.length; i++) {
       AccessControlEntry ace = entries[i];
       if (testPrincipal.equals(ace.getPrincipal())) {
         list.removeAccessControlEntry(ace);
       }
     }
     if (!privilegesToRestore.isEmpty()) {
       list.addAccessControlEntry(
           testPrincipal,
           (Privilege[]) privilegesToRestore.toArray(new Privilege[privilegesToRestore.size()]));
     }
     if (list.getAccessControlEntries().length > 0 && acMgr.getPolicies(path).length > 0) {
       acMgr.setPolicy(path, list);
       superuser.save();
     }
   } catch (Exception e) {
     log.warn("Unexpected error while removing test entries.", e);
   }
   super.tearDown();
 }
Example #3
0
 /**
  * Adds ACE so that everyone can read access control. This allows Jackrabbit's default collectAcls
  * to work without change. Otherwise, you have to be an admin to call acMgr.getEffectivePolicies.
  */
 protected void updateRootAcl(SessionImpl systemSession, ACLEditor editor)
     throws RepositoryException {
   String rootPath = session.getRootNode().getPath();
   AccessControlPolicy[] acls = editor.getPolicies(rootPath);
   if (acls.length > 0) {
     PrincipalManager pMgr = systemSession.getPrincipalManager();
     AccessControlManager acMgr = session.getAccessControlManager();
     Principal everyone = pMgr.getEveryone();
     Privilege[] privs =
         new Privilege[] {
           acMgr.privilegeFromName(Privilege.JCR_READ),
           acMgr.privilegeFromName(Privilege.JCR_READ_ACCESS_CONTROL)
         };
     AccessControlList acList = (AccessControlList) acls[0];
     AccessControlEntry[] acEntries = acList.getAccessControlEntries();
     for (AccessControlEntry acEntry : acEntries) {
       if (acEntry.getPrincipal().equals(everyone)) {
         acList.removeAccessControlEntry(acEntry);
       }
     }
     acList.addAccessControlEntry(everyone, privs);
     editor.setPolicy(rootPath, acList);
     session.save();
   }
 }
Example #4
0
  protected RepositoryFileAce toAce(final Session session, final AccessControlEntry acEntry)
      throws RepositoryException {
    Principal principal = acEntry.getPrincipal();
    RepositoryFileSid sid = null;
    String name = principal.getName();
    DefaultPermissionConversionHelper permissionConversionHelper =
        new DefaultPermissionConversionHelper(session);

    if (principal instanceof Group) {
      sid =
          new RepositoryFileSid(
              JcrTenantUtils.getRoleNameUtils().getPrincipleName(name),
              RepositoryFileSid.Type.ROLE);
    } else {
      sid =
          new RepositoryFileSid(
              JcrTenantUtils.getUserNameUtils().getPrincipleName(name),
              RepositoryFileSid.Type.USER);
    }
    logger.debug(
        String.format("principal class [%s]", principal.getClass().getName())); // $NON-NLS-1$
    Privilege[] privileges = acEntry.getPrivileges();
    return new RepositoryFileAce(
        sid, permissionConversionHelper.privilegesToPentahoPermissions(session, privileges));
  }
Example #5
0
  public Privilege[] getPrivileges(String s) throws RepositoryException {

    Item item = registrySession.getItem(s);
    if (item instanceof Property) {
      throw new PathNotFoundException("No privilages can be added for Properties");
    }

    Set<Privilege> privileges = new HashSet<Privilege>();

    if (accessCtrlPolicies.get(s) instanceof RegistryAccessControlList) {

      AccessControlEntry[] accessNtries =
          ((RegistryAccessControlList) accessCtrlPolicies.get(s)).getAccessControlEntries();

      for (AccessControlEntry ac : accessNtries) {
        if (ac != null) {
          privileges.addAll(Arrays.asList(ac.getPrivileges()));
        }
      }
    } else {
      // TODO check how to apply NamedAccessControlPolicy
    }

    // Read-only session must have READ privilege on test node
    if (RegistryJCRSpecificStandardLoderUtil.isSessionReadOnly(registrySession.getUserID())
        && !privileges.contains(privilegeRegistry.getPrivilegeFromName(Privilege.JCR_READ))) {
      privileges.add(privilegeRegistry.getPrivilegeFromName(Privilege.JCR_READ));
    }

    if (privileges.size() != 0) {
      return privileges.toArray(new Privilege[privileges.size()]);
    } else return new Privilege[0];
  }
Example #6
0
 /**
  * Searches access control entry for given principal inside given entry set.
  *
  * @param entries the set of entries
  * @param principal the name of the principal
  * @return access control entry.
  * @throws RemoteException if there is a problem using the repository
  */
 private AccessControlEntry find(AccessControlEntry[] entries, String principal)
     throws RemoteException {
   for (AccessControlEntry entry : entries) {
     if (entry.getPrincipal().getName().equals(principal)) {
       return entry;
     }
   }
   throw new RemoteException("Access list has been deleted");
 }
Example #7
0
 private static List<Privilege> currentPrivileges(AccessControlList acl, Principal principal)
     throws RepositoryException {
   List<Privilege> privileges = new ArrayList<Privilege>();
   AccessControlEntry[] entries = acl.getAccessControlEntries();
   for (int i = 0; i < entries.length; i++) {
     AccessControlEntry ace = entries[i];
     if (principal.equals(ace.getPrincipal())) {
       privileges.addAll(Arrays.asList(ace.getPrivileges()));
     }
   }
   return privileges;
 }
Example #8
0
  private RepositoryFileAcl toAcl(
      final Session session, final PentahoJcrConstants pentahoJcrConstants, final Serializable id)
      throws RepositoryException {

    Node node = session.getNodeByIdentifier(id.toString());
    if (node == null) {
      throw new RepositoryException(
          Messages.getInstance()
              .getString(
                  "JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND",
                  id.toString())); // $NON-NLS-1$
    }
    String absPath = node.getPath();
    AccessControlManager acMgr = session.getAccessControlManager();
    AccessControlList acList = getAccessControlList(acMgr, absPath);

    RepositoryFileSid owner = null;
    String ownerString = getOwner(session, absPath, acList);

    if (ownerString != null) {
      // for now, just assume all owners are users; only has UI impact
      owner =
          new RepositoryFileSid(
              JcrTenantUtils.getUserNameUtils().getPrincipleName(ownerString),
              RepositoryFileSid.Type.USER);
    }

    RepositoryFileAcl.Builder aclBuilder = new RepositoryFileAcl.Builder(id, owner);

    aclBuilder.entriesInheriting(isEntriesInheriting(session, absPath, acList));

    List<AccessControlEntry> cleanedAcEntries =
        JcrRepositoryFileAclUtils.removeAclMetadata(
            Arrays.asList(acList.getAccessControlEntries()));

    for (AccessControlEntry acEntry : cleanedAcEntries) {
      if (!acEntry
          .getPrincipal()
          .equals(
              new SpringSecurityRolePrincipal(
                  JcrTenantUtils.getTenantedRole(tenantAdminAuthorityName)))) {
        aclBuilder.ace(toAce(session, acEntry));
      }
    }
    return aclBuilder.build();
  }
Example #9
0
  private JcrAccessControlList getAccessList(AccessControlManager acm, Node node)
      throws RepositoryException {
    AccessControlList accessList = findAccessList(acm, node);
    if (accessList == null) {
      return JcrAccessControlList.defaultInstance();
    }

    JcrAccessControlList acl = new JcrAccessControlList();

    AccessControlEntry[] entries = accessList.getAccessControlEntries();
    for (AccessControlEntry entry : entries) {
      JcrPolicy en = new JcrPolicy();
      en.setPrincipal(entry.getPrincipal().getName());
      Privilege[] privileges = entry.getPrivileges();
      for (Privilege p : privileges) {
        en.add(new JcrPermission(p.getName()));
      }
    }
    return acl;
  }