org.springframework.security.acls.model.Acl Java Examples

The following examples show how to use org.springframework.security.acls.model.Acl. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: AclServiceTest.java    From kylin-on-parquet-v2 with Apache License 2.0 6 votes vote down vote up
@Test
public void testBatchUpsertAce() {
    switchToAdmin();
    ObjectIdentity oid = oid("acl");
    MutableAclRecord acl = (MutableAclRecord) aclService.createAcl(oid);
    final Map<Sid, Permission> sidToPerm = new HashMap<>();
    for (int i = 0; i < 10; i++) {
        sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
    }
    aclService.batchUpsertAce(acl, sidToPerm);

    for (Acl a : aclService.readAclsById(Collections.singletonList(oid)).values()) {
        List<AccessControlEntry> e = a.getEntries();
        Assert.assertEquals(10, e.size());
        for (int i = 0; i < e.size(); i++) {
            Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
        }
    }
}
 
Example #2
Source File: MigrationService.java    From kylin with Apache License 2.0 6 votes vote down vote up
public List<String> getCubeAdmins(CubeInstance cubeInstance) {
    ProjectInstance prjInstance = cubeInstance.getProjectInstance();
    AclEntity ae = accessService.getAclEntity("ProjectInstance", prjInstance.getUuid());
    logger.info("ProjectUUID : " + prjInstance.getUuid());
    Acl acl = accessService.getAcl(ae);

    String mailSuffix = KylinConfig.getInstanceFromEnv().getNotificationMailSuffix();
    List<String> cubeAdmins = Lists.newArrayList();
    if (acl != null) {
        for (AccessControlEntry ace : acl.getEntries()) {
            if (ace.getPermission().getMask() == 16) {
                PrincipalSid ps = (PrincipalSid) ace.getSid();
                cubeAdmins.add(ps.getPrincipal() + mailSuffix);
            }
        }
    }

    if (cubeAdmins.isEmpty()) {
        throw new BadRequestException("Cube access list is null, please add at least one role in it.");
    }
    return cubeAdmins;
}
 
Example #3
Source File: AclService.java    From kylin-on-parquet-v2 with Apache License 2.0 6 votes vote down vote up
@Override
public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> oids, List<Sid> sids) throws NotFoundException {
    Map<ObjectIdentity, Acl> aclMaps = new HashMap<>();
    for (ObjectIdentity oid : oids) {
        AclRecord record = getAclRecordByCache(objID(oid));
        if (record == null) {
            Message msg = MsgPicker.getMsg();
            throw new NotFoundException(String.format(Locale.ROOT, msg.getACL_INFO_NOT_FOUND(), oid));
        }

        Acl parentAcl = null;
        if (record.isEntriesInheriting() && record.getParentDomainObjectInfo() != null)
            parentAcl = readAclById(record.getParentDomainObjectInfo());

        record.init(parentAcl, aclPermissionFactory, permissionGrantingStrategy);

        aclMaps.put(oid, new MutableAclRecord(record));
    }
    return aclMaps;
}
 
Example #4
Source File: AclServiceTest.java    From kylin with Apache License 2.0 6 votes vote down vote up
@Test
public void testBatchUpsertAce() {
    switchToAdmin();
    ObjectIdentity oid = oid("acl");
    MutableAclRecord acl = (MutableAclRecord) aclService.createAcl(oid);
    final Map<Sid, Permission> sidToPerm = new HashMap<>();
    for (int i = 0; i < 10; i++) {
        sidToPerm.put(new PrincipalSid("u" + i), AclPermission.ADMINISTRATION);
    }
    aclService.batchUpsertAce(acl, sidToPerm);

    for (Acl a : aclService.readAclsById(Collections.singletonList(oid)).values()) {
        List<AccessControlEntry> e = a.getEntries();
        Assert.assertEquals(10, e.size());
        for (int i = 0; i < e.size(); i++) {
            Assert.assertEquals(new PrincipalSid("u" + i), e.get(i).getSid());
        }
    }
}
 
Example #5
Source File: AclRecord.java    From kylin with Apache License 2.0 6 votes vote down vote up
public void init(Acl parentAcl, PermissionFactory aclPermissionFactory,
        PermissionGrantingStrategy permissionGrantingStrategy) {
    this.aclPermissionFactory = aclPermissionFactory;
    this.permissionGrantingStrategy = permissionGrantingStrategy;
    this.parentAcl = parentAcl;

    if (entries == null)
        entries = new ArrayList<>();

    // convert legacy ace
    if (legacyAceInfo != null) {
        for (LegacyAceInfo legacy : legacyAceInfo.values()) {
            entries.add(new AceImpl(legacy));
        }
        Collections.sort(entries, AceImpl.SID_ORDER);
        legacyAceInfo = null;
    }

    for (int i = 0; i < entries.size(); i++) {
        entries.get(i).init(this, i);
    }
}
 
Example #6
Source File: AclService.java    From kylin with Apache License 2.0 6 votes vote down vote up
@Override
public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> oids, List<Sid> sids) throws NotFoundException {
    Map<ObjectIdentity, Acl> aclMaps = new HashMap<>();
    for (ObjectIdentity oid : oids) {
        AclRecord record = getAclRecordByCache(objID(oid));
        if (record == null) {
            Message msg = MsgPicker.getMsg();
            throw new NotFoundException(String.format(Locale.ROOT, msg.getACL_INFO_NOT_FOUND(), oid));
        }

        Acl parentAcl = null;
        if (record.isEntriesInheriting() && record.getParentDomainObjectInfo() != null)
            parentAcl = readAclById(record.getParentDomainObjectInfo());

        record.init(parentAcl, aclPermissionFactory, permissionGrantingStrategy);

        aclMaps.put(oid, new MutableAclRecord(record));
    }
    return aclMaps;
}
 
Example #7
Source File: JpaMutableAclService.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 
Example #8
Source File: AccessService.java    From kylin-on-parquet-v2 with Apache License 2.0 6 votes vote down vote up
public List<String> getAllAclSids(Acl acl, String type) {
    if (null == acl) {
        return Collections.emptyList();
    }

    List<String> result = new ArrayList<>();
    for (AccessControlEntry ace : acl.getEntries()) {
        String name = null;
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_USER) && ace.getSid() instanceof PrincipalSid) {
            name = ((PrincipalSid) ace.getSid()).getPrincipal();
        }
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_GROUP) && ace.getSid() instanceof GrantedAuthoritySid) {
            name = ((GrantedAuthoritySid) ace.getSid()).getGrantedAuthority();
        }
        if (!StringUtils.isBlank(name)) {
            result.add(name);
        }
    }
    return result;
}
 
Example #9
Source File: AccessService.java    From kylin-on-parquet-v2 with Apache License 2.0 6 votes vote down vote up
private Map<String, Integer> getProjectPermission(String project) {
    Map<String, Integer> SidWithPermission = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);

    String uuid = ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(project).getUuid();
    AclEntity ae = getAclEntity(AclEntityType.PROJECT_INSTANCE, uuid);
    Acl acl = getAcl(ae);
    if (acl != null && acl.getEntries() != null) {
        List<AccessControlEntry> aces = acl.getEntries();
        for (AccessControlEntry ace : aces) {
            Sid sid = ace.getSid();
            if (sid instanceof PrincipalSid) {
                String principal = ((PrincipalSid) sid).getPrincipal();
                SidWithPermission.put(principal, ace.getPermission().getMask());
            }
            if (sid instanceof GrantedAuthoritySid) {
                String grantedAuthority = ((GrantedAuthoritySid) sid).getGrantedAuthority();
                SidWithPermission.put(grantedAuthority, ace.getPermission().getMask());
            }
        }
    }
    return SidWithPermission;
}
 
Example #10
Source File: PermissionInheritanceResolverTest.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
@Test
void testGetInheritedPermissions() {
  Sid user = mock(PrincipalSid.class);
  Sid role1Sid = new GrantedAuthoritySid("ROLE_role1");
  Sid role2Sid = new GrantedAuthoritySid("ROLE_role2");
  Sid role3Sid = new GrantedAuthoritySid("ROLE_role3");

  // Acl setup
  Acl parentPackageAcl =
      PermissionTestUtils.getSinglePermissionAcl(role3Sid, 16, "parentPackageAcl");
  Acl packageAcl =
      PermissionTestUtils.getSinglePermissionAcl(user, 4, "packageAcl", parentPackageAcl);
  Acl entityAcl =
      PermissionTestUtils.getSinglePermissionAcl(role2Sid, 8, "entityAcl", packageAcl);

  doReturn(Arrays.asList(role1Sid, role2Sid)).when(userRoleTools).getRolesForSid(user);
  doReturn(singletonList(role3Sid)).when(userRoleTools).getRolesForSid(role1Sid);

  InheritedPermissionsResult expected =
      getInheritedPermissionsResult(packageAcl, parentPackageAcl, role1Sid, role2Sid, role3Sid);

  assertEquals(expected, resolver.getInheritedPermissionsResults(entityAcl, user));
}
 
Example #11
Source File: JpaMutableAclService.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 
Example #12
Source File: InheritanceTestUtils.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
public static InheritedPermissionsResult getInheritedPermissionsResult(
    Acl packageAcl, Acl parentPackageAcl, Sid role1, Sid role2, Sid role3) {
  // Permissions on parentpackage
  InheritedUserPermissionsResult parentPackageAclPermissionsRole3 =
      InheritedUserPermissionsResult.create(
          role3, PermissionSet.WRITEMETA, Collections.emptyList());
  InheritedUserPermissionsResult parentPackageAclPermissionsRole1 =
      InheritedUserPermissionsResult.create(
          role1, null, Collections.singletonList(parentPackageAclPermissionsRole3));
  InheritedAclPermissionsResult parentPackageAclPermissions =
      InheritedAclPermissionsResult.create(
          parentPackageAcl,
          null,
          Collections.singletonList(parentPackageAclPermissionsRole1),
          null);
  // Permissions on package
  InheritedAclPermissionsResult packageAclPermissions =
      InheritedAclPermissionsResult.create(
          packageAcl, PermissionSet.READ, Collections.emptyList(), parentPackageAclPermissions);
  // Permissions on entity
  InheritedUserPermissionsResult entityPermissionRole2 =
      InheritedUserPermissionsResult.create(role2, PermissionSet.WRITE, Collections.emptyList());

  return InheritedPermissionsResult.create(
      Collections.singletonList(entityPermissionRole2), packageAclPermissions);
}
 
Example #13
Source File: PermissionServiceImpl.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
private void getPermissionResponsesForSingleSid(
    Acl acl, boolean isReturnInheritedPermissions, Set<LabelledPermission> result, Sid sid) {
  PermissionSet ownPermission = null;
  for (AccessControlEntry ace : acl.getEntries()) {
    if (sid.equals(ace.getSid())) {
      ownPermission = PermissionSetUtils.getPermissionSet(ace);
    }
  }
  Set<LabelledPermission> inheritedPermissions = new LinkedHashSet<>();
  if (isReturnInheritedPermissions) {
    inheritedPermissions.addAll(inheritanceResolver.getInheritedPermissions(acl, sid));
  }
  if (ownPermission != null || !inheritedPermissions.isEmpty()) {
    inheritedPermissions = inheritedPermissions.isEmpty() ? null : inheritedPermissions;
    result.add(
        LabelledPermission.create(
            sid,
            entityHelper.getLabelledObjectIdentity(acl.getObjectIdentity()),
            ownPermission,
            inheritedPermissions));
  }
}
 
Example #14
Source File: TransactionalJdbcMutableAclService.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Same as {@link JdbcMutableAclService#createAcl(ObjectIdentity)} except for duplicate key
 * checking which is handled by by the database for performance reasons.
 */
@Transactional
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) {
  Assert.notNull(objectIdentity, "Object Identity required");

  // Need to retrieve the current principal, in order to know who "owns" this ACL
  // (can be changed later on)
  Sid sid = SidUtils.createSecurityContextSid();

  try {
    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);
  } catch (DuplicateKeyException e) {
    throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
  }
  // Retrieve the ACL via superclass (ensures cache registration, proper retrieval
  // etc)
  Acl acl = readAclById(objectIdentity);
  Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

  return (MutableAcl) acl;
}
 
Example #15
Source File: PermissionInheritanceResolver.java    From molgenis with GNU Lesser General Public License v3.0 6 votes vote down vote up
private Optional<InheritedAclPermissionsResult> getParentAclPermissions(Acl acl, Sid sid) {
  InheritedAclPermissionsResult parentAclPermissions;
  List<InheritedUserPermissionsResult> parentRolePermissions;
  Acl parentAcl = acl.getParentAcl();
  if (parentAcl != null) {
    PermissionSet ownPermission = getPermissionsForAcl(parentAcl, sid);
    parentRolePermissions = getPermissionsForRoles(parentAcl, sid);
    parentAclPermissions =
        getParentAclPermissions(parentAcl, sid)
            .orElse(null); // Get permissions for parentAcl of the parentAcl - Recursive
    InheritedAclPermissionsResult inheritedAclPermissionsResult =
        InheritedAclPermissionsResult.create(
            parentAcl, ownPermission, parentRolePermissions, parentAclPermissions);
    if (isNotEmpty(inheritedAclPermissionsResult)) {
      return Optional.of(inheritedAclPermissionsResult);
    }
  }
  return Optional.empty();
}
 
Example #16
Source File: AccessService.java    From kylin with Apache License 2.0 6 votes vote down vote up
public List<String> getAllAclSids(Acl acl, String type) {
    if (null == acl) {
        return Collections.emptyList();
    }

    List<String> result = new ArrayList<>();
    for (AccessControlEntry ace : acl.getEntries()) {
        String name = null;
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_USER) && ace.getSid() instanceof PrincipalSid) {
            name = ((PrincipalSid) ace.getSid()).getPrincipal();
        }
        if (type.equalsIgnoreCase(MetadataConstants.TYPE_GROUP) && ace.getSid() instanceof GrantedAuthoritySid) {
            name = ((GrantedAuthoritySid) ace.getSid()).getGrantedAuthority();
        }
        if (!StringUtils.isBlank(name)) {
            result.add(name);
        }
    }
    return result;
}
 
Example #17
Source File: JpaMutableAclService.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 
Example #18
Source File: JpaMutableAclService.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
@Override
public MutableAcl createAcl(ObjectIdentity objectIdentity) throws AlreadyExistsException {
    Assert.notNull(objectIdentity, "Object Identity required");

    // Check this object identity hasn't already been persisted
    if (retrieveObjectIdentityPrimaryKey(objectIdentity) != null) {
        throw new AlreadyExistsException("Object identity '" + objectIdentity + "' already exists");
    }

    // Need to retrieve the current principal, in order to know who "owns" this ACL (can be changed later on)
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    PrincipalSid sid = new PrincipalSid(auth);

    // Create the acl_object_identity row
    createObjectIdentity(objectIdentity, sid);

    // Retrieve the ACL via superclass (ensures cache registration, proper retrieval etc)
    Acl acl = readAclById(objectIdentity);
    Assert.isInstanceOf(MutableAcl.class, acl, "MutableAcl should be been returned");

    return (MutableAcl) acl;
}
 
Example #19
Source File: AccessService.java    From kylin with Apache License 2.0 6 votes vote down vote up
private Map<String, Integer> getProjectPermission(String project) {
    Map<String, Integer> SidWithPermission = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);

    String uuid = ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(project).getUuid();
    AclEntity ae = getAclEntity(AclEntityType.PROJECT_INSTANCE, uuid);
    Acl acl = getAcl(ae);
    if (acl != null && acl.getEntries() != null) {
        List<AccessControlEntry> aces = acl.getEntries();
        for (AccessControlEntry ace : aces) {
            Sid sid = ace.getSid();
            if (sid instanceof PrincipalSid) {
                String principal = ((PrincipalSid) sid).getPrincipal();
                SidWithPermission.put(principal, ace.getPermission().getMask());
            }
            if (sid instanceof GrantedAuthoritySid) {
                String grantedAuthority = ((GrantedAuthoritySid) sid).getGrantedAuthority();
                SidWithPermission.put(grantedAuthority, ace.getPermission().getMask());
            }
        }
    }
    return SidWithPermission;
}
 
Example #20
Source File: AccessController.java    From kylin with Apache License 2.0 5 votes vote down vote up
/**
 * Revoke access on a domain object from a user/role
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.DELETE }, produces = { "application/json" })
public List<AccessEntryResponse> revoke(@PathVariable String type, @PathVariable String uuid, AccessRequest accessRequest) throws IOException {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Acl acl = accessService.revoke(ae, accessRequest.getAccessEntryId());

    if (accessRequest.isPrincipal()) {
        revokeTableACL(type, uuid, accessRequest.getSid(), MetadataConstants.TYPE_USER);
    } else {
        revokeTableACL(type, uuid, accessRequest.getSid(), MetadataConstants.TYPE_GROUP);
    }

    return accessService.generateAceResponses(acl);
}
 
Example #21
Source File: PermissionServiceImpl.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
private Map<ObjectIdentity, Acl> readAcls(Set<Sid> sids, List<ObjectIdentity> objectIdentities) {
  Map<ObjectIdentity, Acl> aclMap = new LinkedHashMap<>();
  if (!objectIdentities.isEmpty()) {
    if (sids.isEmpty()) {
      aclMap = mutableAclService.readAclsById(objectIdentities);
    } else {
      aclMap = mutableAclService.readAclsById(objectIdentities, userRoleTools.sortSids(sids));
    }
  }
  return aclMap;
}
 
Example #22
Source File: PermissionManagerControllerTest.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Test
void testGetUserEntityClassPermissions() {
  MutableAcl acl1 = mock(MutableAcl.class);
  MutableAcl acl2 = mock(MutableAcl.class);
  MutableAcl acl3 = mock(MutableAcl.class);

  AccessControlEntry ace1 = mock(AccessControlEntry.class);
  AccessControlEntry ace2 = mock(AccessControlEntry.class);

  when(ace1.getSid()).thenReturn(userSid);
  when(ace2.getSid()).thenReturn(userSid);

  when(acl1.getEntries()).thenReturn(Collections.singletonList(ace1));
  when(acl2.getEntries()).thenReturn(Collections.singletonList(ace2));
  when(acl3.getEntries()).thenReturn(Collections.emptyList());

  Map<ObjectIdentity, Acl> acls = new HashMap<>();
  acls.put(entityIdentity1, acl1);
  acls.put(entityIdentity2, acl2);
  acls.put(entityIdentity3, acl3);
  when(mutableAclService.readAclsById(
          Arrays.asList(entityIdentity1, entityIdentity2, entityIdentity3),
          singletonList(userSid)))
      .thenReturn(acls);

  when(ace1.getPermission()).thenReturn(permissionWritemeta);
  when(ace2.getPermission()).thenReturn(permissionCount);

  Permissions expected =
      Permissions.create(
          ImmutableSet.of("1", "2", "3"),
          ImmutableMultimap.of(entityType1.getId(), "writemeta", entityType2.getId(), "count"));

  assertEquals(expected, permissionManagerController.getUserEntityClassPermissions("Ipsum"));
}
 
Example #23
Source File: PermissionServiceImpl.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
private Map<String, Set<LabelledPermission>> getPermissions(
    Map<ObjectIdentity, Acl> acls,
    List<ObjectIdentity> objectIdentities,
    Set<Sid> sids,
    boolean isReturnInheritedPermissions) {
  Map<String, Set<LabelledPermission>> result = new LinkedHashMap<>();
  objectIdentities.forEach(
      objectIdentity ->
          result.put(
              objectIdentity.getIdentifier().toString(),
              getPermissionResponses(
                  acls.get(objectIdentity), isReturnInheritedPermissions, sids)));
  return result;
}
 
Example #24
Source File: AclRecord.java    From kylin with Apache License 2.0 5 votes vote down vote up
@Override
public void setParent(Acl newParent) {
    AclRecord newP = newParent instanceof MutableAclRecord //
            ? ((MutableAclRecord) newParent).getAclRecord()
            : (AclRecord) newParent;
    parentDomainObjectInfo = newP.domainObjectInfo;
    parentAcl = newP;
}
 
Example #25
Source File: InheritedAclPermissionsResult.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
public static InheritedAclPermissionsResult create(
    Acl acl,
    PermissionSet ownPermission,
    List<InheritedUserPermissionsResult> parentRolePermissions,
    InheritedAclPermissionsResult parentAclPermissions) {
  return new AutoValue_InheritedAclPermissionsResult(
      acl, ownPermission, parentRolePermissions, parentAclPermissions);
}
 
Example #26
Source File: JpaMutableAclService.java    From Spring-Security-Third-Edition with MIT License 5 votes vote down vote up
@Override
public Map<ObjectIdentity, Acl> readAclsById(List<ObjectIdentity> objects, List<Sid> sids) throws NotFoundException {
    Map<ObjectIdentity, Acl> result = lookupStrategy.readAclsById(objects, sids);

    // Check every requested object identity was found (throw NotFoundException if needed)
    for (ObjectIdentity oid : objects) {
        if (!result.containsKey(oid)) {
            throw new NotFoundException("Unable to find ACL information for object identity '" + oid + "'");
        }
    }

    return result;
}
 
Example #27
Source File: AccessController.java    From kylin with Apache License 2.0 5 votes vote down vote up
/**
 * Update a access on a domain object
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.PUT }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> update(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) {
    AclEntity ae = accessService.getAclEntity(type, uuid);
    Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
    Acl acl = accessService.update(ae, accessRequest.getAccessEntryId(), permission);

    return accessService.generateAceResponses(acl);
}
 
Example #28
Source File: PermissionServiceImpl.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Override
public Set<LabelledPermission> getPermissionsForObject(
    ObjectIdentity objectIdentity, Set<Sid> sids, boolean isReturnInheritedPermissions) {
  checkTypeExists(objectIdentity.getType());
  entityHelper.checkEntityExists(objectIdentity);
  Acl acl = mutableAclService.readAclById(objectIdentity);
  return getPermissionResponses(acl, isReturnInheritedPermissions, sids);
}
 
Example #29
Source File: AccessController.java    From kylin with Apache License 2.0 5 votes vote down vote up
/**
 * Grant a new access on a domain object to a user/role
 * 
 * @param accessRequest
 */
@RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.POST }, produces = { "application/json" })
@ResponseBody
public List<AccessEntryResponse> grant(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) throws IOException {
    boolean isPrincipal = accessRequest.isPrincipal();
    String name = accessRequest.getSid();
    validateUtil.checkIdentifiersExists(name, isPrincipal);

    AclEntity ae = accessService.getAclEntity(type, uuid);
    Sid sid = accessService.getSid(name, isPrincipal);
    Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission());
    Acl acl = accessService.grant(ae, permission, sid);

    return accessService.generateAceResponses(acl);
}
 
Example #30
Source File: PermissionServiceImpl.java    From molgenis with GNU Lesser General Public License v3.0 5 votes vote down vote up
@Override
public Map<String, Set<LabelledPermission>> getPermissionsForType(
    String typeId, Set<Sid> sids, boolean isReturnInherited) {
  entityHelper.checkEntityTypeExists(typeId);
  List<ObjectIdentity> objectIdentities = getObjectIdentities(typeId, sids, isReturnInherited);
  Map<ObjectIdentity, Acl> aclMap = readAcls(sids, objectIdentities);

  return getPermissions(aclMap, objectIdentities, sids, isReturnInherited);
}