/**
 * Converts one JCR {@link AccessControlEntry} into a {@link RepositoryFileAce}.
 *
 * <p>The kind of principal decides the sid type: a {@code Group} principal becomes a
 * {@link RepositoryFileSid.Type#ROLE} sid, any other principal a
 * {@link RepositoryFileSid.Type#USER} sid. In both cases the tenant-qualified JCR principal
 * name is reduced to the bare principal name through the matching {@link JcrTenantUtils}
 * name utils, and the entry's JCR privileges are mapped to Pentaho permissions with a
 * {@link DefaultPermissionConversionHelper} bound to {@code session}.
 *
 * @param session the JCR session used to resolve privileges
 * @param acEntry the JCR access control entry to convert
 * @return the equivalent Pentaho ACE (sid plus converted permission set)
 * @throws RepositoryException if the privileges cannot be read or converted
 */
protected RepositoryFileAce toAce(final Session session, final AccessControlEntry acEntry)
    throws RepositoryException {
  final DefaultPermissionConversionHelper conversionHelper =
      new DefaultPermissionConversionHelper(session);
  final Principal principal = acEntry.getPrincipal();
  final String qualifiedName = principal.getName();

  // Groups map to roles, everything else to users; pick the matching name utils so the
  // tenant qualifier is stripped the same way it was added.
  final boolean isRole = principal instanceof Group;
  final String bareName =
      isRole
          ? JcrTenantUtils.getRoleNameUtils().getPrincipleName(qualifiedName)
          : JcrTenantUtils.getUserNameUtils().getPrincipleName(qualifiedName);
  final RepositoryFileSid sid =
      new RepositoryFileSid(
          bareName, isRole ? RepositoryFileSid.Type.ROLE : RepositoryFileSid.Type.USER);

  logger.debug(String.format("principal class [%s]", principal.getClass().getName())); // $NON-NLS-1$

  final Privilege[] privileges = acEntry.getPrivileges();
  return new RepositoryFileAce(
      sid, conversionHelper.privilegesToPentahoPermissions(session, privileges));
}
/**
 * Reads the JCR access control list of the node identified by {@code id} and converts it
 * into a {@link RepositoryFileAcl}.
 *
 * <p>Conversion rules applied here:
 * <ul>
 *   <li>The owner stored in the ACL metadata is always mapped to a USER sid; as the
 *       original note says, this assumption only affects the UI.</li>
 *   <li>Metadata entries are stripped via
 *       {@link JcrRepositoryFileAclUtils#removeAclMetadata} before conversion.</li>
 *   <li>The ACE for the tenant admin role ({@code tenantAdminAuthorityName}, tenant-qualified)
 *       is deliberately left out of the result: {@code internalUpdateAcl} re-adds it on every
 *       write, so callers never see or edit that implicit grant.</li>
 * </ul>
 *
 * @param session the JCR session to read from
 * @param pentahoJcrConstants not used by this method
 * @param id the identifier of the node whose ACL is read
 * @return the converted ACL, with inheritance flag and owner populated
 * @throws RepositoryException if the node is not found or its ACL cannot be read
 */
private RepositoryFileAcl toAcl(
    final Session session, final PentahoJcrConstants pentahoJcrConstants, final Serializable id)
    throws RepositoryException {
  final Node node = session.getNodeByIdentifier(id.toString());
  if (node == null) {
    throw new RepositoryException(
        Messages.getInstance()
            .getString(
                "JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND", id.toString())); // $NON-NLS-1$
  }
  final String absPath = node.getPath();
  final AccessControlManager acMgr = session.getAccessControlManager();
  final AccessControlList acList = getAccessControlList(acMgr, absPath);

  // Owner comes from the ACL metadata; for now every owner is treated as a user (UI impact only).
  final String ownerName = getOwner(session, absPath, acList);
  final RepositoryFileSid owner =
      ownerName == null
          ? null
          : new RepositoryFileSid(
              JcrTenantUtils.getUserNameUtils().getPrincipleName(ownerName),
              RepositoryFileSid.Type.USER);

  final RepositoryFileAcl.Builder aclBuilder = new RepositoryFileAcl.Builder(id, owner);
  aclBuilder.entriesInheriting(isEntriesInheriting(session, absPath, acList));

  final List<AccessControlEntry> entries =
      JcrRepositoryFileAclUtils.removeAclMetadata(
          Arrays.asList(acList.getAccessControlEntries()));
  for (final AccessControlEntry entry : entries) {
    // The tenant admin grant is implicit and always present; hide it from callers.
    final Principal tenantAdmin =
        new SpringSecurityRolePrincipal(JcrTenantUtils.getTenantedRole(tenantAdminAuthorityName));
    if (entry.getPrincipal().equals(tenantAdmin)) {
      continue;
    }
    aclBuilder.ace(toAce(session, entry));
  }
  return aclBuilder.build();
}
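/**
 * Grants {@code permission} to {@code recipient} on the file identified by {@code id} by
 * appending a new ACE to the file's current ACL and persisting the result via
 * {@link #updateAcl}.
 *
 * <p>A recipient whose name carries no tenant qualifier is qualified with the current
 * tenant before it is stored (user or role, according to its sid type), so a bare name
 * cannot be used to address a principal outside the caller's tenant.
 *
 * <p>Caveats visible in this DAO:
 * <ul>
 *   <li>Kiosk mode rejects the call outright with a {@link RuntimeException}.</li>
 *   <li>A new ACE is appended even when one for the same recipient already exists
 *       (see the TODO below); permissions are not merged.</li>
 *   <li>NOTE(review): {@code internalUpdateAcl} only writes explicit ACEs when the ACL is not
 *       inheriting; on an inheriting ACL the ACE appended here appears to be dropped silently
 *       — confirm whether callers are expected to clear inheritance first.</li>
 * </ul>
 *
 * <p>The debug log records the tenant-qualified sid that was actually written, not the
 * caller-supplied one, so the log reflects the effective grant.
 *
 * @param id the file id; must not be null
 * @param recipient the user or role to grant to; must not be null
 * @param permission the permissions to grant; must not be null
 * @throws RuntimeException if kiosk mode is enabled
 */
public void addAce(
    final Serializable id,
    final RepositoryFileSid recipient,
    final EnumSet<RepositoryFilePermission> permission) {
  if (isKioskEnabled()) {
    throw new RuntimeException(
        Messages.getInstance().getString("JcrRepositoryFileDao.ERROR_0006_ACCESS_DENIED")); // $NON-NLS-1$
  }
  Assert.notNull(id);
  Assert.notNull(recipient);
  Assert.notNull(permission);

  final RepositoryFileAcl acl = getAcl(id);
  Assert.notNull(acl);

  // TODO mlowery find an ACE with the recipient and update that rather than adding a new ACE

  // Qualify a bare principal name with the current tenant; tenant-qualified names pass through.
  RepositoryFileSid newRecipient = recipient;
  if (recipient.getType().equals(Type.USER)) {
    if (JcrTenantUtils.getUserNameUtils().getTenant(recipient.getName()) == null) {
      newRecipient =
          new RepositoryFileSid(
              JcrTenantUtils.getTenantedUser(recipient.getName()), recipient.getType());
    }
  } else if (JcrTenantUtils.getRoleNameUtils().getTenant(recipient.getName()) == null) {
    newRecipient =
        new RepositoryFileSid(
            JcrTenantUtils.getTenantedRole(recipient.getName()), recipient.getType());
  }

  final RepositoryFileAcl updatedAcl =
      new RepositoryFileAcl.Builder(acl).ace(newRecipient, permission).build();
  updateAcl(updatedAcl);

  // Log the sid as stored (tenant-qualified), so the audit trail matches the persisted ACE.
  logger.debug(
      "added ace: id=" + id + ", sid=" + newRecipient + ", permission=" + permission); //$NON-NLS-1$ //$NON-NLS-2$ //$NON-NLS-3$
}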
/**
 * Replaces the JCR access control list of the node identified by {@code fileId} with the
 * contents of {@code acl}, then reloads and returns the stored ACL.
 *
 * <p>Write sequence (order matters, all of it is transient until {@code session.save()}):
 * <ol>
 *   <li>Reject the call in kiosk mode.</li>
 *   <li>Remove every existing entry from the node's JCR ACL.</li>
 *   <li>Store owner and inheritance flag as ACL metadata.</li>
 *   <li>Only when the ACL is NOT inheriting: add one JCR entry per {@link RepositoryFileAce},
 *       tenant-qualifying each user/role name, and then — if none of those entries named the
 *       tenant admin role — add an entry granting that role {@code ALL}. This keeps the tenant
 *       admin from being locked out of a file by an ACL that omits it (toAcl hides this entry
 *       again on read).</li>
 *   <li>Set the policy and save the session.</li>
 * </ol>
 *
 * <p>NOTE(review): the tenant used for the implicit admin grant is taken from the name of the
 * FIRST ACE's sid (parsed with the role-name utils even when that sid is a user), falling back
 * to the current tenant, and is not cross-checked against the node's own tenant. If a caller
 * could supply an ACE naming a principal from another tenant, that tenant's admin role would
 * be the one granted {@code ALL} — confirm that callers validate sids against the current tenant.
 *
 * <p>NOTE(review): {@code acl.getOwner()} is dereferenced without a null check, while toAcl can
 * build an ACL with a null owner — confirm that callers never round-trip such an ACL here.
 *
 * @param session the JCR session to write through
 * @param pentahoJcrConstants not used by this method
 * @param fileId the identifier of the node whose ACL is replaced
 * @param acl the desired ACL (owner, inheritance flag, explicit entries)
 * @return the ACL as re-read from the repository after saving
 * @throws RepositoryException if the node is not found or the ACL cannot be written
 * @throws RuntimeException if kiosk mode is enabled
 */
protected RepositoryFileAcl internalUpdateAcl(
    final Session session,
    final PentahoJcrConstants pentahoJcrConstants,
    final Serializable fileId,
    final RepositoryFileAcl acl)
    throws RepositoryException {
  // Kiosk mode makes the repository read-only for ACL changes.
  if (isKioskEnabled()) {
    throw new RuntimeException(
        Messages.getInstance().getString("JcrRepositoryFileDao.ERROR_0006_ACCESS_DENIED")); // $NON-NLS-1$
  }
  DefaultPermissionConversionHelper permissionConversionHelper =
      new DefaultPermissionConversionHelper(session);
  // NOTE(review): JCR specifies getNodeByIdentifier to throw ItemNotFoundException rather than
  // return null, so this guard may be defensive only — verify against the Jackrabbit in use.
  Node node = session.getNodeByIdentifier(fileId.toString());
  if (node == null) {
    throw new RepositoryException(
        Messages.getInstance()
            .getString(
                "JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND", fileId.toString())); // $NON-NLS-1$
  }
  String absPath = node.getPath();
  AccessControlManager acMgr = session.getAccessControlManager();
  AccessControlList acList = getAccessControlList(acMgr, absPath);
  // Clear all entries: the stored ACL is rebuilt from scratch from the supplied one.
  AccessControlEntry[] acEntries = acList.getAccessControlEntries();
  for (int i = 0; i < acEntries.length; i++) {
    acList.removeAccessControlEntry(acEntries[i]);
  }
  // Owner and inheritance flag live in ACL metadata, not in regular entries.
  JcrRepositoryFileAclUtils.setAclMetadata(
      session, absPath, acList, new AclMetadata(acl.getOwner().getName(), acl.isEntriesInheriting()));
  // Add entries to the now-empty list, but only if not inheriting; force the user to start with a clean slate.
  boolean adminPrincipalExist = false;
  ITenant principalTenant = null;
  if (!acl.isEntriesInheriting()) {
    for (RepositoryFileAce ace : acl.getAces()) {
      Principal principal = null;
      if (RepositoryFileSid.Type.ROLE == ace.getSid().getType()) {
        // Compare on the bare role name so a tenant-qualified admin role is still recognised.
        String principalName =
            JcrTenantUtils.getRoleNameUtils().getPrincipleName(ace.getSid().getName());
        if (tenantAdminAuthorityName.equals(principalName)) {
          adminPrincipalExist = true;
        }
        principal =
            new SpringSecurityRolePrincipal(JcrTenantUtils.getTenantedRole(ace.getSid().getName()));
      } else {
        principal =
            new SpringSecurityUserPrincipal(JcrTenantUtils.getTenantedUser(ace.getSid().getName()));
      }
      acList.addAccessControlEntry(
          principal,
          permissionConversionHelper.pentahoPermissionsToPrivileges(session, ace.getPermissions()));
    }
    // Guarantee the tenant admin role always holds ALL privileges on the node.
    if (!adminPrincipalExist) {
      // NOTE(review): this null check comes after the loop above already iterated getAces();
      // a null list would have failed there first.
      if (acl.getAces() != null && acl.getAces().size() > 0) {
        principalTenant =
            JcrTenantUtils.getRoleNameUtils().getTenant(acl.getAces().get(0).getSid().getName());
      }
      if (principalTenant == null || principalTenant.getId() == null) {
        principalTenant = JcrTenantUtils.getTenant();
      }
      List<RepositoryFilePermission> permissionList = new ArrayList<RepositoryFilePermission>();
      permissionList.add(RepositoryFilePermission.ALL);
      Principal adminPrincipal =
          new SpringSecurityRolePrincipal(
              JcrTenantUtils.getRoleNameUtils().getPrincipleId(principalTenant, tenantAdminAuthorityName));
      acList.addAccessControlEntry(
          adminPrincipal,
          permissionConversionHelper.pentahoPermissionsToPrivileges(
              session, EnumSet.copyOf(permissionList)));
    }
  }
  // Persist the rebuilt policy in one save, then return what the repository actually holds.
  acMgr.setPolicy(absPath, acList);
  session.save();
  return getAcl(fileId);
}