示例#1
0
 /** {@inheritDoc} */
 @Override
 public void delete(List<Sid> sids, List<Permission> permissions, Entity target) {
   ObjectIdentity oid = createIdentityFor(target);
   MutableAcl acl = (MutableAcl) mutableAclService.readAclById(oid);
   deletePermissionsFromAcl(acl, sids, permissions);
   mutableAclService.updateAcl(acl);
 }
示例#2
0
 /**
  * Get existing ACL for identity. If ACL does not exist it will be created.
  *
  * @param oid object identity
  * @return ACL fro this object identity
  */
 private MutableAcl getAclFor(ObjectIdentity oid) {
   MutableAcl acl;
   try {
     acl = (MutableAcl) mutableAclService.readAclById(oid);
   } catch (NotFoundException nfe) {
     acl = mutableAclService.createAcl(oid);
   }
   return acl;
 }
 @Transactional
 @Secured("ROLE_USER")
 public synchronized void postMessage(Message message) {
   message.setId(System.currentTimeMillis());
   messages.put(message.getId(), message);
   ObjectIdentity oid = new ObjectIdentityImpl(Message.class, message.getId());
   MutableAcl acl = mutableAclService.createAcl(oid);
   acl.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(message.getAuthor()), true);
   acl.insertAce(1, BasePermission.DELETE, new GrantedAuthoritySid("ROLE_ADMIN"), true);
   acl.insertAce(2, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER"), true);
   mutableAclService.updateAcl(acl);
 }
  @Transactional
  public int createEvent(Event event) {
    int result = eventDao.createEvent(event);
    event.setId(result);

    MutableAcl acl = aclService.createAcl(new ObjectIdentityImpl(event));
    PrincipalSid sid = new PrincipalSid(userContext.getCurrentUser().getEmail());
    acl.setOwner(sid);
    acl.insertAce(0, BasePermission.READ, sid, true);
    aclService.updateAcl(acl);

    return result;
  }
  public void addPermission(BankingTx tx, Sid recipient, Permission permission) {
    MutableAcl acl;
    ObjectIdentity oid = new ObjectIdentityImpl(BankingTx.class, tx.getId());

    try {
      acl = (MutableAcl) mutableAclService.readAclById(oid);
    } catch (NotFoundException nfe) {
      System.out.println("oid=" + oid.toString());
      acl = mutableAclService.createAcl(oid);
    }

    acl.insertAce(acl.getEntries().size(), permission, recipient, true);
    mutableAclService.updateAcl(acl);
  }
示例#6
0
 /** {@inheritDoc} */
 @Override
 public void revoke(List<Sid> sids, List<Permission> permissions, Entity target) {
   ObjectIdentity oid = createIdentityFor(target);
   MutableAcl acl = getAclFor(oid);
   applyPermissionsToSids(sids, permissions, target, acl, false);
   mutableAclService.updateAcl(acl);
 }
  public void deletePermission(BankingTx tx, Sid recipient, Permission permission) {
    ObjectIdentity oid = new ObjectIdentityImpl(BankingTx.class, tx.getTransactionId());
    MutableAcl acl = (MutableAcl) mutableAclService.readAclById(oid);

    // Remove all permissions associated with this particular recipient (string equality to KISS)
    List<AccessControlEntry> entries = acl.getEntries();

    for (int i = 0; i < entries.size(); i++) {
      if (entries.get(i).getSid().equals(recipient)
          && entries.get(i).getPermission().equals(permission)) {
        acl.deleteAce(i);
      }
    }

    mutableAclService.updateAcl(acl);
  }
 @Transactional
 // @Secured({"ROLE_ADMIN", "IP_LOCAL_HOST"})
 @Secured("ACL_MESSAGE_DELETE")
 public synchronized void deleteMessage(Message message) {
   messages.remove(message.getId());
   ObjectIdentity oid = new ObjectIdentityImpl(Message.class, message.getId());
   mutableAclService.deleteAcl(oid, false);
 }
示例#9
0
 /** {@inheritDoc} */
 @Override
 public void deleteFromAcl(Class clazz, long id) {
   if (id <= 0) {
     throw new IllegalStateException("Object id must be greater then 0.");
   }
   ObjectIdentity oid = new ObjectIdentityImpl(clazz, id);
   mutableAclService.deleteAcl(oid, true);
   logger.debug("Deleted securedObject" + clazz.getSimpleName() + " with id:" + id);
 }
  @Transactional
  @Secured({"ROLE_REP", "ACL_TRANSACTION_DELETE", "ACL_TX_DELETE"})
  public void deleteTransaction(String txId) {

    aclBankingTxDao.delete(txId);
    ObjectIdentity oid = new ObjectIdentityImpl(BankingTx.class, txId);

    mutableAclService.deleteAcl(oid, false);
  }
  /** Grants permissions for the specified task to the specified user. */
  private void grantPermissionsForTask(String taskId, String username) {

    MutableAcl taskAcl = null;
    ObjectIdentity taskObjectIdentity = new ObjectIdentityImpl(TASK_PREFIX, taskId);

    try {
      taskAcl = (MutableAcl) mutableAclService.readAclById(taskObjectIdentity);
    } catch (NotFoundException e) {
      taskAcl = mutableAclService.createAcl(taskObjectIdentity);
    }
    Object obj = taskAcl.getEntries();
    taskAcl.insertAce(
        taskAcl.getEntries().size(), BasePermission.WRITE, new PrincipalSid(username), true);
    taskAcl.insertAce(
        taskAcl.getEntries().size(), BasePermission.READ, new PrincipalSid(username), true);

    mutableAclService.updateAcl(taskAcl);
  }
  @Test
  public void testNoAclIsNotPublic() {
    final Photo photo = makeTestPhoto();

    final ObjectIdentityImpl identity = new ObjectIdentityImpl(photo);
    Mockito.when(identityRetrievalStrategy.getObjectIdentity(photo)).thenReturn(identity);
    final GrantedAuthoritySid everyone = new GrantedAuthoritySid("ROLE_EVERYONE");

    Mockito.when(aclService.readAclById(identity, Arrays.<Sid>asList(everyone)))
        .thenThrow(new NotFoundException("not found"));

    assertFalse(service.isPublic(photo));
  }
  private void setupAclWithPublic(Photo photo, boolean isPublic) {
    final ObjectIdentityImpl identity = new ObjectIdentityImpl(photo);
    Mockito.when(identityRetrievalStrategy.getObjectIdentity(photo)).thenReturn(identity);
    final GrantedAuthoritySid everyone = new GrantedAuthoritySid("ROLE_EVERYONE");

    publicAcl = Mockito.mock(MutableAcl.class);
    Mockito.when(aclService.readAclById(identity, Arrays.<Sid>asList(everyone)))
        .thenReturn(publicAcl);

    Mockito.when(
            publicAcl.isGranted(
                Arrays.<Permission>asList(BasePermission.READ),
                Arrays.<Sid>asList(everyone),
                false))
        .thenReturn(isPublic);
  }