/**
 * Reads the owner recorded in the ACL metadata of the node at {@code path}.
 *
 * @param session JCR session handed to the metadata lookup
 * @param path path of the node whose ACL metadata is read
 * @param acList access control list handed to the metadata lookup
 * @return the owner stored in the metadata, or {@code null} when no metadata is found
 * @throws RepositoryException if the metadata lookup fails
 */
protected String getOwner(
    final Session session, final String path, final AccessControlList acList)
    throws RepositoryException {
  final AclMetadata metadata = JcrRepositoryFileAclUtils.getAclMetadata(session, path, acList);
  // Absent metadata is reported as "no owner"; callers have to cope with the null.
  return metadata == null ? null : metadata.getOwner();
}
/**
 * Reports whether the ACL metadata of the node at {@code path} marks its entries as inherited.
 *
 * @param session JCR session handed to the metadata lookup
 * @param path path of the node whose ACL metadata is read
 * @param acList access control list handed to the metadata lookup
 * @return the inheriting flag stored in the metadata; {@code false} when no metadata is found
 * @throws RepositoryException if the metadata lookup fails
 */
protected boolean isEntriesInheriting(
    final Session session, final String path, final AccessControlList acList)
    throws RepositoryException {
  final AclMetadata metadata = JcrRepositoryFileAclUtils.getAclMetadata(session, path, acList);
  // A node without metadata is treated as carrying its own (non-inherited) entries.
  return metadata != null && metadata.isEntriesInheriting();
}
/**
 * Replaces the access control list of the node identified by {@code fileId} with the entries
 * described by {@code acl}, saves the session and returns the ACL as re-read by {@code getAcl}.
 *
 * <p>All existing entries are removed first. New entries are written only when {@code acl} is
 * not inheriting. SID names are passed to the principal constructors exactly as supplied.
 *
 * <p>NOTE(review): no permission check on the caller is visible in this method; presumably it
 * is enforced by the caller or by the JCR session itself. Confirm before exposing this to new
 * entry points.
 *
 * @param session JCR session used for the lookup, the policy change and the save
 * @param pentahoJcrConstants not read by this method
 * @param fileId identifier of the node; its {@code toString()} value is the JCR identifier
 * @param acl desired ACL; {@code acl.getOwner()} is dereferenced without a null check
 * @return the ACL returned by {@code getAcl(fileId)} after the save
 * @throws RepositoryException if the node lookup yields {@code null} or a repository call fails
 */
protected RepositoryFileAcl internalUpdateAcl(
    final Session session,
    final PentahoJcrConstants pentahoJcrConstants,
    final Serializable fileId,
    final RepositoryFileAcl acl)
    throws RepositoryException {
  final String nodeId = fileId.toString();
  final Node target = session.getNodeByIdentifier(nodeId);
  // Defensive check; the JCR API documents ItemNotFoundException for a missing node.
  if (target == null) {
    throw new RepositoryException(
        Messages.getInstance()
            .getString(
                "JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND", nodeId)); //$NON-NLS-1$
  }

  final String nodePath = target.getPath();
  final AccessControlManager accessControlManager = session.getAccessControlManager();
  final AccessControlList policy = getAccessControlList(accessControlManager, nodePath);

  // Wipe the current entries so the policy holds only what is written below.
  for (final AccessControlEntry existing : policy.getAccessControlEntries()) {
    policy.removeAccessControlEntry(existing);
  }

  // Owner and inheriting flag are stored through the ACL metadata helper.
  final AclMetadata metadata = new AclMetadata(acl.getOwner().getName(), acl.isEntriesInheriting());
  JcrRepositoryFileAclUtils.setAclMetadata(session, nodePath, policy, metadata);

  // Explicit entries are written only for a non-inheriting ACL, so switching a node from
  // inheriting to non-inheriting always starts from a clean slate.
  if (!acl.isEntriesInheriting()) {
    for (final RepositoryFileAce ace : acl.getAces()) {
      final RepositoryFileSid sid = ace.getSid();
      final Principal principal =
          RepositoryFileSid.Type.ROLE == sid.getType()
              ? new SpringSecurityRolePrincipal(sid.getName())
              : new SpringSecurityUserPrincipal(sid.getName());
      policy.addAccessControlEntry(
          principal,
          permissionConversionHelper.pentahoPermissionsToPrivileges(
              session, ace.getPermissions()));
    }
  }

  // Nothing is persisted until the policy is set and the session saved.
  accessControlManager.setPolicy(nodePath, policy);
  session.save();
  return getAcl(fileId);
}
/**
 * Builds a {@code RepositoryFileAcl} from the JCR access control list of the node identified by
 * {@code id}.
 *
 * <p>Entries whose principal equals the tenanted admin role principal are left out of the
 * result, so the returned ACL is not a complete listing of the node's policy. Code that audits
 * effective access should not rely on this view alone.
 *
 * @param session JCR session used for the node and policy lookups
 * @param pentahoJcrConstants not read by this method
 * @param id identifier of the node; its {@code toString()} value is the JCR identifier
 * @return the ACL built from owner metadata, inheriting flag and the remaining entries
 * @throws RepositoryException if the node lookup yields {@code null} or a repository call fails
 */
private RepositoryFileAcl toAcl(
    final Session session, final PentahoJcrConstants pentahoJcrConstants, final Serializable id)
    throws RepositoryException {
  final String nodeId = id.toString();
  final Node target = session.getNodeByIdentifier(nodeId);
  if (target == null) {
    throw new RepositoryException(
        Messages.getInstance()
            .getString(
                "JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND", nodeId)); //$NON-NLS-1$
  }

  final String nodePath = target.getPath();
  final AccessControlManager accessControlManager = session.getAccessControlManager();
  final AccessControlList policy = getAccessControlList(accessControlManager, nodePath);

  // Every owner is modelled as a USER sid for now; the original author notes this only
  // affects the UI.
  final String ownerName = getOwner(session, nodePath, policy);
  final RepositoryFileSid ownerSid =
      ownerName == null
          ? null
          : new RepositoryFileSid(
              JcrTenantUtils.getUserNameUtils().getPrincipleName(ownerName),
              RepositoryFileSid.Type.USER);

  final RepositoryFileAcl.Builder builder = new RepositoryFileAcl.Builder(id, ownerSid);
  builder.entriesInheriting(isEntriesInheriting(session, nodePath, policy));

  // The metadata helper filters the raw entry list before it is converted.
  final List<AccessControlEntry> visibleEntries =
      JcrRepositoryFileAclUtils.removeAclMetadata(
          Arrays.asList(policy.getAccessControlEntries()));
  for (final AccessControlEntry entry : visibleEntries) {
    final SpringSecurityRolePrincipal tenantAdminRole =
        new SpringSecurityRolePrincipal(JcrTenantUtils.getTenantedRole(tenantAdminAuthorityName));
    if (entry.getPrincipal().equals(tenantAdminRole)) {
      // The tenant admin role entry is never reported back to the caller.
      continue;
    }
    builder.ace(toAce(session, entry));
  }
  return builder.build();
}
/**
 * Replaces the access control list of the node identified by {@code fileId} with the entries
 * described by {@code acl}, saves the session and returns the ACL as re-read by {@code getAcl}.
 *
 * <p>The update is refused outright when kiosk mode is enabled. All existing entries are removed
 * first. For a non-inheriting ACL each supplied SID is converted to a tenanted role or user
 * principal, and when none of the supplied role entries names the tenant admin authority an
 * entry granting {@code RepositoryFilePermission.ALL} to that role is appended.
 *
 * <p>NOTE(review): when the caller does supply an entry for the tenant admin role, that entry's
 * own permissions are written and the ALL grant is skipped. Confirm that an admin entry with
 * reduced permissions is an intended outcome.
 *
 * @param session JCR session used for the lookup, the policy change and the save
 * @param pentahoJcrConstants not read by this method
 * @param fileId identifier of the node; its {@code toString()} value is the JCR identifier
 * @param acl desired ACL; {@code acl.getOwner()} is dereferenced without a null check
 * @return the ACL returned by {@code getAcl(fileId)} after the save
 * @throws RepositoryException if the node lookup yields {@code null} or a repository call fails
 * @throws RuntimeException with the access-denied message when kiosk mode is enabled
 */
protected RepositoryFileAcl internalUpdateAcl(
    final Session session,
    final PentahoJcrConstants pentahoJcrConstants,
    final Serializable fileId,
    final RepositoryFileAcl acl)
    throws RepositoryException {
  // Deny before any repository state is read or modified.
  if (isKioskEnabled()) {
    throw new RuntimeException(
        Messages.getInstance()
            .getString("JcrRepositoryFileDao.ERROR_0006_ACCESS_DENIED")); //$NON-NLS-1$
  }

  final DefaultPermissionConversionHelper privilegeConverter =
      new DefaultPermissionConversionHelper(session);

  final String nodeId = fileId.toString();
  final Node target = session.getNodeByIdentifier(nodeId);
  if (target == null) {
    throw new RepositoryException(
        Messages.getInstance()
            .getString(
                "JackrabbitRepositoryFileAclDao.ERROR_0001_NODE_NOT_FOUND", nodeId)); //$NON-NLS-1$
  }

  final String nodePath = target.getPath();
  final AccessControlManager accessControlManager = session.getAccessControlManager();
  final AccessControlList policy = getAccessControlList(accessControlManager, nodePath);

  // Wipe the current entries so the policy holds only what is written below.
  for (final AccessControlEntry existing : policy.getAccessControlEntries()) {
    policy.removeAccessControlEntry(existing);
  }

  final AclMetadata metadata = new AclMetadata(acl.getOwner().getName(), acl.isEntriesInheriting());
  JcrRepositoryFileAclUtils.setAclMetadata(session, nodePath, policy, metadata);

  // Explicit entries are written only for a non-inheriting ACL, so switching a node from
  // inheriting to non-inheriting always starts from a clean slate.
  if (!acl.isEntriesInheriting()) {
    boolean adminEntrySupplied = false;
    for (final RepositoryFileAce ace : acl.getAces()) {
      final RepositoryFileSid sid = ace.getSid();
      final Principal principal;
      if (RepositoryFileSid.Type.ROLE == sid.getType()) {
        // Compare on the bare role name so the admin role is recognised however it is spelled.
        final String roleName = JcrTenantUtils.getRoleNameUtils().getPrincipleName(sid.getName());
        if (tenantAdminAuthorityName.equals(roleName)) {
          adminEntrySupplied = true;
        }
        principal = new SpringSecurityRolePrincipal(JcrTenantUtils.getTenantedRole(sid.getName()));
      } else {
        principal = new SpringSecurityUserPrincipal(JcrTenantUtils.getTenantedUser(sid.getName()));
      }
      policy.addAccessControlEntry(
          principal,
          privilegeConverter.pentahoPermissionsToPrivileges(session, ace.getPermissions()));
    }

    if (!adminEntrySupplied) {
      // NOTE(review): the tenant is parsed from the first supplied SID name with the role-name
      // utilities, whatever that SID's type, and the name is caller-supplied. Confirm callers
      // cannot steer the admin grant toward another tenant's admin role.
      ITenant adminTenant = null;
      if (acl.getAces() != null && !acl.getAces().isEmpty()) {
        adminTenant =
            JcrTenantUtils.getRoleNameUtils().getTenant(acl.getAces().get(0).getSid().getName());
      }
      // Fall back to the tenant reported by JcrTenantUtils when the SID carries none.
      if (adminTenant == null || adminTenant.getId() == null) {
        adminTenant = JcrTenantUtils.getTenant();
      }

      final Principal adminPrincipal =
          new SpringSecurityRolePrincipal(
              JcrTenantUtils.getRoleNameUtils()
                  .getPrincipleId(adminTenant, tenantAdminAuthorityName));
      policy.addAccessControlEntry(
          adminPrincipal,
          privilegeConverter.pentahoPermissionsToPrivileges(
              session, EnumSet.of(RepositoryFilePermission.ALL)));
    }
  }

  // Nothing is persisted until the policy is set and the session saved.
  accessControlManager.setPolicy(nodePath, policy);
  session.save();
  return getAcl(fileId);
}