Esempio n. 1
0
  @Test
  public void testConvertToCmisAcl() {
    Ace ace = aceN.toCommonsAce();
    assertEquals(ANDREAS, ace.getPrincipalId());
    assertEquals(1, ace.getPermissions().size());
    assertEquals("", ace.getPermissions().get(0));

    ace = aceR.toCommonsAce();
    assertEquals(BERTA, ace.getPrincipalId());
    assertEquals(1, ace.getPermissions().size());
    assertEquals(EnumBasicPermissions.CMIS_READ.value(), ace.getPermissions().get(0));

    ace = aceW.toCommonsAce();
    assertEquals(CHRISTIAN, ace.getPrincipalId());
    assertEquals(1, ace.getPermissions().size());
    assertEquals(EnumBasicPermissions.CMIS_WRITE.value(), ace.getPermissions().get(0));

    ace = aceA.toCommonsAce();
    assertEquals(DOROTHEE, ace.getPrincipalId());
    assertEquals(1, ace.getPermissions().size());
    assertEquals(EnumBasicPermissions.CMIS_ALL.value(), ace.getPermissions().get(0));

    InMemoryAcl acl = createDefaultAcl();
    Acl commonsAcl = acl.toCommonsAcl();
    assertEquals(4, commonsAcl.getAces().size());
    assertTrue(hasCommonsAce(commonsAcl, ANDREAS, ""));
    assertFalse(hasCommonsAce(commonsAcl, ANDREAS, EnumBasicPermissions.CMIS_READ.value()));
    assertFalse(hasCommonsAce(commonsAcl, ANDREAS, EnumBasicPermissions.CMIS_WRITE.value()));
    assertFalse(hasCommonsAce(commonsAcl, ANDREAS, EnumBasicPermissions.CMIS_ALL.value()));
    assertTrue(hasCommonsAce(commonsAcl, BERTA, EnumBasicPermissions.CMIS_READ.value()));
    assertTrue(hasCommonsAce(commonsAcl, CHRISTIAN, EnumBasicPermissions.CMIS_WRITE.value()));
    assertTrue(hasCommonsAce(commonsAcl, DOROTHEE, EnumBasicPermissions.CMIS_ALL.value()));
  }
Esempio n. 2
0
 private boolean hasCommonsAce(Acl acl, String principalId, String permission) {
   for (Ace ace : acl.getAces()) {
     if (ace.getPrincipalId().equals(principalId)
         && ace.getPermissions().get(0).equals(permission)) {
       return true;
     }
   }
   return false;
 }
Esempio n. 3
0
 private int setAcl(StoredObjectImpl so, Acl acl) {
   int aclId;
   if (null == acl || acl.getAces().isEmpty()) {
     aclId = 0;
   } else {
     aclId = getAclId(null, acl, null);
   }
   so.setAclId(aclId);
   return aclId;
 }
  @Override
  public Acl applyAcl(
      String repositoryId, String objectId, Acl aces, AclPropagation aclPropagation) {
    Acl orgAcl = getAclService().getAcl(repositoryId, objectId, Boolean.FALSE, null);

    Acl removeAces = null;
    if (orgAcl != null && orgAcl.getAces() != null && !orgAcl.getAces().isEmpty()) {
      List<Ace> directAces = new ArrayList<Ace>();

      for (Ace ace : orgAcl.getAces()) {
        if (ace.isDirect()) {
          directAces.add(ace);
        }
      }

      if (!directAces.isEmpty()) {
        removeAces = new AccessControlListImpl(directAces);
      }
    }

    return getAclService().applyAcl(repositoryId, objectId, aces, removeAces, aclPropagation, null);
  }
  @Override
  public void constraintPermissionDefined(
      String repositoryId, org.apache.chemistry.opencmis.commons.data.Acl acl, String objectId) {
    boolean aclIsEmpty =
        (acl == null) || (acl != null && CollectionUtils.isEmpty(acl.getAces())) ? true : false;
    List<PermissionDefinition> definitions =
        repositoryInfoMap.get(repositoryId).getAclCapabilities().getPermissions();
    List<String> definedIds = new ArrayList<String>();
    for (PermissionDefinition pdf : definitions) {
      definedIds.add(pdf.getId());
    }

    if (!aclIsEmpty) {
      for (org.apache.chemistry.opencmis.commons.data.Ace ace : acl.getAces()) {
        List<String> permissions = ace.getPermissions();
        for (String p : permissions) {
          if (!definedIds.contains(p)) {
            constraint(objectId, "A provided ACE includes an unsupported permission");
          }
        }
      }
    }
  }
 @Override
 public void constraintCotrollableAcl(
     TypeDefinition typeDefinition,
     org.apache.chemistry.opencmis.commons.data.Acl addAces,
     org.apache.chemistry.opencmis.commons.data.Acl removeAces,
     Properties properties) {
   // TODO ignore removeAces?
   boolean aclIsEmpty =
       (addAces == null) || (addAces != null && CollectionUtils.isEmpty(addAces.getAces()))
           ? true
           : false;
   if (!typeDefinition.isControllableAcl() && !aclIsEmpty) {
     constraint(
         getObjectId(properties), "Acl cannnot be provided to a non-controllableAcl object-type");
   }
 }
Esempio n. 7
0
  public int getAclId(StoredObjectImpl so, Acl addACEs, Acl removeACEs) {
    InMemoryAcl newAcl;
    boolean removeDefaultAcl = false;
    int aclId = 0;

    if (so == null) {
      newAcl = new InMemoryAcl();
    } else {
      aclId = so.getAclId();
      newAcl = getInMemoryAcl(aclId);
      if (null == newAcl) {
        newAcl = new InMemoryAcl();
      } else {
        // copy list so that we can safely change it without effecting
        // the original
        newAcl = new InMemoryAcl(newAcl.getAces());
      }
    }

    if (newAcl.size() == 0 && addACEs == null && removeACEs == null) {
      return 0;
    }

    if (null != removeACEs) {
      for (Ace ace : removeACEs.getAces()) {
        InMemoryAce inMemAce = new InMemoryAce(ace);
        if (inMemAce.equals(InMemoryAce.getDefaultAce())) {
          removeDefaultAcl = true;
        }
      }
    }

    if (so != null && 0 == aclId && !removeDefaultAcl) {
      return 0; // if object grants full access to everyone and it will
      // not be removed we do nothing
    }

    // add ACEs
    if (null != addACEs) {
      for (Ace ace : addACEs.getAces()) {
        InMemoryAce inMemAce = new InMemoryAce(ace);
        if (inMemAce.equals(InMemoryAce.getDefaultAce())) {
          return 0; // if everyone has full access there is no need to
        }
        // add additional ACLs.
        newAcl.addAce(inMemAce);
      }
    }

    // remove ACEs
    if (null != removeACEs) {
      for (Ace ace : removeACEs.getAces()) {
        InMemoryAce inMemAce = new InMemoryAce(ace);
        newAcl.removeAce(inMemAce);
      }
    }

    if (newAcl.size() > 0) {
      return addAcl(newAcl);
    } else {
      return 0;
    }
  }