/** {@inheritDoc} */
@Override
public void delete(List<Sid> sids, List<Permission> permissions, Entity target) {
ObjectIdentity oid = createIdentityFor(target);
MutableAcl acl = (MutableAcl) mutableAclService.readAclById(oid);
deletePermissionsFromAcl(acl, sids, permissions);
mutableAclService.updateAcl(acl);
}
/**
* Get existing ACL for identity. If ACL does not exist it will be created.
*
* @param oid object identity
* @return ACL fro this object identity
*/
private MutableAcl getAclFor(ObjectIdentity oid) {
MutableAcl acl;
try {
acl = (MutableAcl) mutableAclService.readAclById(oid);
} catch (NotFoundException nfe) {
acl = mutableAclService.createAcl(oid);
}
return acl;
}
@Transactional
@Secured("ROLE_USER")
public synchronized void postMessage(Message message) {
message.setId(System.currentTimeMillis());
messages.put(message.getId(), message);
ObjectIdentity oid = new ObjectIdentityImpl(Message.class, message.getId());
MutableAcl acl = mutableAclService.createAcl(oid);
acl.insertAce(0, BasePermission.ADMINISTRATION, new PrincipalSid(message.getAuthor()), true);
acl.insertAce(1, BasePermission.DELETE, new GrantedAuthoritySid("ROLE_ADMIN"), true);
acl.insertAce(2, BasePermission.READ, new GrantedAuthoritySid("ROLE_USER"), true);
mutableAclService.updateAcl(acl);
}
@Transactional
public int createEvent(Event event) {
int result = eventDao.createEvent(event);
event.setId(result);
MutableAcl acl = aclService.createAcl(new ObjectIdentityImpl(event));
PrincipalSid sid = new PrincipalSid(userContext.getCurrentUser().getEmail());
acl.setOwner(sid);
acl.insertAce(0, BasePermission.READ, sid, true);
aclService.updateAcl(acl);
return result;
}
public void addPermission(BankingTx tx, Sid recipient, Permission permission) {
MutableAcl acl;
ObjectIdentity oid = new ObjectIdentityImpl(BankingTx.class, tx.getId());
try {
acl = (MutableAcl) mutableAclService.readAclById(oid);
} catch (NotFoundException nfe) {
System.out.println("oid=" + oid.toString());
acl = mutableAclService.createAcl(oid);
}
acl.insertAce(acl.getEntries().size(), permission, recipient, true);
mutableAclService.updateAcl(acl);
}
/** {@inheritDoc} */
@Override
public void revoke(List<Sid> sids, List<Permission> permissions, Entity target) {
ObjectIdentity oid = createIdentityFor(target);
MutableAcl acl = getAclFor(oid);
applyPermissionsToSids(sids, permissions, target, acl, false);
mutableAclService.updateAcl(acl);
}
public void deletePermission(BankingTx tx, Sid recipient, Permission permission) {
ObjectIdentity oid = new ObjectIdentityImpl(BankingTx.class, tx.getTransactionId());
MutableAcl acl = (MutableAcl) mutableAclService.readAclById(oid);
// Remove all permissions associated with this particular recipient (string equality to KISS)
List<AccessControlEntry> entries = acl.getEntries();
for (int i = 0; i < entries.size(); i++) {
if (entries.get(i).getSid().equals(recipient)
&& entries.get(i).getPermission().equals(permission)) {
acl.deleteAce(i);
}
}
mutableAclService.updateAcl(acl);
}
@Transactional
// @Secured({"ROLE_ADMIN", "IP_LOCAL_HOST"})
@Secured("ACL_MESSAGE_DELETE")
public synchronized void deleteMessage(Message message) {
messages.remove(message.getId());
ObjectIdentity oid = new ObjectIdentityImpl(Message.class, message.getId());
mutableAclService.deleteAcl(oid, false);
}
/** {@inheritDoc} */
@Override
public void deleteFromAcl(Class clazz, long id) {
if (id <= 0) {
throw new IllegalStateException("Object id must be greater then 0.");
}
ObjectIdentity oid = new ObjectIdentityImpl(clazz, id);
mutableAclService.deleteAcl(oid, true);
logger.debug("Deleted securedObject" + clazz.getSimpleName() + " with id:" + id);
}
@Transactional
@Secured({"ROLE_REP", "ACL_TRANSACTION_DELETE", "ACL_TX_DELETE"})
public void deleteTransaction(String txId) {
aclBankingTxDao.delete(txId);
ObjectIdentity oid = new ObjectIdentityImpl(BankingTx.class, txId);
mutableAclService.deleteAcl(oid, false);
}
/** Grants permissions for the specified task to the specified user. */
private void grantPermissionsForTask(String taskId, String username) {
MutableAcl taskAcl = null;
ObjectIdentity taskObjectIdentity = new ObjectIdentityImpl(TASK_PREFIX, taskId);
try {
taskAcl = (MutableAcl) mutableAclService.readAclById(taskObjectIdentity);
} catch (NotFoundException e) {
taskAcl = mutableAclService.createAcl(taskObjectIdentity);
}
Object obj = taskAcl.getEntries();
taskAcl.insertAce(
taskAcl.getEntries().size(), BasePermission.WRITE, new PrincipalSid(username), true);
taskAcl.insertAce(
taskAcl.getEntries().size(), BasePermission.READ, new PrincipalSid(username), true);
mutableAclService.updateAcl(taskAcl);
}
@Test
public void testNoAclIsNotPublic() {
final Photo photo = makeTestPhoto();
final ObjectIdentityImpl identity = new ObjectIdentityImpl(photo);
Mockito.when(identityRetrievalStrategy.getObjectIdentity(photo)).thenReturn(identity);
final GrantedAuthoritySid everyone = new GrantedAuthoritySid("ROLE_EVERYONE");
Mockito.when(aclService.readAclById(identity, Arrays.<Sid>asList(everyone)))
.thenThrow(new NotFoundException("not found"));
assertFalse(service.isPublic(photo));
}
private void setupAclWithPublic(Photo photo, boolean isPublic) {
final ObjectIdentityImpl identity = new ObjectIdentityImpl(photo);
Mockito.when(identityRetrievalStrategy.getObjectIdentity(photo)).thenReturn(identity);
final GrantedAuthoritySid everyone = new GrantedAuthoritySid("ROLE_EVERYONE");
publicAcl = Mockito.mock(MutableAcl.class);
Mockito.when(aclService.readAclById(identity, Arrays.<Sid>asList(everyone)))
.thenReturn(publicAcl);
Mockito.when(
publicAcl.isGranted(
Arrays.<Permission>asList(BasePermission.READ),
Arrays.<Sid>asList(everyone),
false))
.thenReturn(isPublic);
}