Example #1
 // unit tested
 /**
  * Merges previously stored ACL rows with the ACEs currently held by {@code acp}.
  *
  * <p>Rows are processed in groups that share the same ACL name. Within a group, a row whose
  * key ({@code getACLrowKey}) equals the key of an ACE of the same-named ACL
  * ({@code getACEkey}) is dropped, and the ACE itself is emitted through {@code addACLRow}
  * once the group ends. A row with no matching ACE is kept and re-created with the current
  * size of the output list as its first constructor argument. ACLs of {@code acp} that no row
  * referred to are appended last, in the iteration order of a {@code HashMap}. The ACL named
  * {@code ACL.INHERITED_ACL} is never considered.
  *
  * <p>NOTE(review): a row that is absent from {@code acp} is retained rather than removed, so
  * the result is a union of the old rows and the ACP's ACEs; confirm that callers do not rely
  * on this method to revoke entries.
  *
  * <p>NOTE(review): grouping assumes that rows with the same name are contiguous in
  * {@code aclrows}; a name that reappears later finds its ACL already consumed, so none of its
  * rows are matched against ACEs. TODO confirm the ordering guarantee of the caller.
  *
  * @param aclrows the existing rows; each {@code name} must be non-null
  * @param acp the ACP whose ACLs are merged in
  * @return the merged rows as a new array
  */
 protected static ACLRow[] updateAclRows(ACLRow[] aclrows, ACP acp) {
   // Index the ACP's ACLs by name, leaving out the inherited one.
   Map<String, ACL> pendingAcls = new HashMap<String, ACL>();
   for (ACL candidate : acp.getACLs()) {
     String candidateName = candidate.getName();
     if (!ACL.INHERITED_ACL.equals(candidateName)) {
       pendingAcls.put(candidateName, candidate);
     }
   }

   List<ACLRow> merged = new LinkedList<ACLRow>();
   List<ACE> currentAces = Collections.emptyList();
   Set<String> currentKeys = null;
   String currentName = null;
   for (ACLRow row : aclrows) {
     boolean sameGroup = row.name.equals(currentName);
     if (!sameGroup) {
       // Close the previous group: its ACEs go after the rows that were kept.
       for (ACE ace : currentAces) {
         addACLRow(merged, currentName, ace);
       }
       // Open the next group and consume its ACL so it is not appended again at the end.
       currentName = row.name;
       ACL matchingAcl = pendingAcls.remove(currentName);
       if (matchingAcl == null) {
         currentAces = Collections.<ACE>emptyList();
       } else {
         currentAces = new LinkedList<ACE>(Arrays.asList(matchingAcl.getACEs()));
       }
       currentKeys = new HashSet<String>();
       for (ACE ace : currentAces) {
         currentKeys.add(getACEkey(ace));
       }
     }
     boolean coveredByAce = currentKeys.contains(getACLrowKey(row));
     if (!coveredByAce) {
       // No ACE carries this entry: keep the row's own data.
       ACLRow kept =
           new ACLRow(
               merged.size(), currentName, row.grant, row.permission, row.user, row.group);
       merged.add(kept);
     }
   }

   // Close the last group.
   for (ACE ace : currentAces) {
     addACLRow(merged, currentName, ace);
   }

   // Append every ACL that no existing row referred to.
   for (ACL untouched : pendingAcls.values()) {
     currentName = untouched.getName();
     for (ACE ace : untouched.getACEs()) {
       addACLRow(merged, currentName, ace);
     }
   }

   return merged.toArray(new ACLRow[merged.size()]);
 }
Example #2
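 /**
  * Rejects an ACP that contains a deny ("negative") ACE, unless negative ACLs are enabled.
  *
  * <p>When {@code negativeAclAllowed} is set, or {@code acp} is {@code null}, nothing is
  * checked. Otherwise every ACE of every ACL except the one named {@code ACL.INHERITED_ACL}
  * must either be a grant or be one of the two tolerated denials:
  *
  * <ul>
  *   <li>deny {@code SecurityConstants.EVERYTHING} to {@code SecurityConstants.EVERYONE}, the
  *       entry used to block inheritance;
  *   <li>deny {@code SecurityConstants.WRITE} to anyone.
  * </ul>
  *
  * <p>Comparisons are made constant-first so that an ACE with a {@code null} permission or
  * username, or an ACL with a {@code null} name, is evaluated by the same rules and rejected
  * with the documented {@link IllegalArgumentException} instead of a
  * {@link NullPointerException}.
  *
  * <p>NOTE(review): the Write exemption depends on Write not including Read/Browse, as the
  * inline comment states; confirm this still holds if permission groups are customised.
  *
  * @param acp the ACP about to be applied, may be {@code null}
  * @throws IllegalArgumentException if a denial other than the two tolerated forms is found
  */
 protected void checkNegativeAcl(ACP acp) {
   if (negativeAclAllowed || acp == null) {
     return;
   }
   for (ACL acl : acp.getACLs()) {
     if (ACL.INHERITED_ACL.equals(acl.getName())) {
       continue;
     }
     for (ACE ace : acl.getACEs()) {
       if (ace.isGranted()) {
         continue;
       }
       String permission = ace.getPermission();
       // the "block inheritance" entry is the only blanket denial that is accepted
       if (SecurityConstants.EVERYTHING.equals(permission)
           && SecurityConstants.EVERYONE.equals(ace.getUsername())) {
         continue;
       }
       // allow Write, as we're sure it doesn't include Read/Browse
       if (SecurityConstants.WRITE.equals(permission)) {
         continue;
       }
       throw new IllegalArgumentException("Negative ACL not allowed: " + ace);
     }
   }
 }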
Example #3
 // unit tested
 /**
  * Flattens the ACLs of {@code acp} into an array of rows.
  *
  * <p>Each ACE of each ACL is handed to {@code addACLRow} together with the ACL's name, in the
  * order returned by {@code getACLs()} and {@code getACEs()}. The ACL named
  * {@code ACL.INHERITED_ACL} is left out.
  *
  * @param acp the ACP to convert; every ACL name must be non-null
  * @return the rows collected from all non-inherited ACLs
  */
 protected static ACLRow[] acpToAclRows(ACP acp) {
   List<ACLRow> collected = new LinkedList<ACLRow>();
   for (ACL acl : acp.getACLs()) {
     String aclName = acl.getName();
     if (!aclName.equals(ACL.INHERITED_ACL)) {
       for (ACE ace : acl.getACEs()) {
         addACLRow(collected, aclName, ace);
       }
     }
   }
   return collected.toArray(new ACLRow[collected.size()]);
 }
  /**
   * Checks that a child folder sees its parent's local ACE through the inherited ACL, and that
   * a deny-Everything-for-Everyone ACE on the child makes the inherited ACL disappear.
   */
  @Test
  public void testACPInheritance() throws Exception {
    // Create a parent folder and a child folder below it.
    DocumentModel parent =
        session.createDocument(new DocumentModelImpl("/", "testACPInheritance", "Folder"));
    DocumentModel child =
        session.createDocument(new DocumentModelImpl("/testACPInheritance", "folder", "Folder"));

    // Grant READ on the parent.
    ACP parentAcp = parent.getACP();
    parentAcp.getOrCreateACL().add(new ACE("joe_reader", READ, true));
    parent.setACP(parentAcp, true);

    // Grant WRITE on the child.
    ACP childAcp = child.getACP();
    childAcp.getOrCreateACL().add(new ACE("joe_contributor", WRITE, true));
    child.setACP(childAcp, true);

    session.save();

    // Re-read the child: the parent's grant must show up in the inherited ACL.
    child = session.getDocument(new PathRef("/testACPInheritance/folder"));
    childAcp = child.getACP();
    ACL inherited = childAcp.getACL(ACL.INHERITED_ACL);

    assertEquals("joe_reader", inherited.getACEs()[0].getUsername());

    // Block inheritance by denying everything to everyone on the child.
    ACE blockInheritance =
        new ACE(SecurityConstants.EVERYONE, SecurityConstants.EVERYTHING, false);
    childAcp.getOrCreateACL().add(blockInheritance);
    child.setACP(childAcp, true);
    session.save();

    // After blocking, the child must expose no inherited ACL at all.
    child = session.getDocument(new PathRef("/testACPInheritance/folder"));
    childAcp = child.getACP();
    inherited = childAcp.getACL(ACL.INHERITED_ACL);
    assertNull(inherited);
  }