org.springframework.security.acls.domain.BasePermission Java Examples

The following examples show how to use org.springframework.security.acls.domain.BasePermission. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: DefaultCalendarService.java    From Spring-Security-Third-Edition with MIT License 6 votes vote down vote up
@Transactional
@Override
public int createEvent(Event event) {

    int result = eventDao.createEvent(event);
    event.setId(result);

    // Add new ACL Entry:
    MutableAcl acl = aclService.createAcl(new ObjectIdentityImpl(event));
    PrincipalSid sid = new PrincipalSid(userContext.getCurrentUser().getEmail());
    acl.setOwner(sid);
    acl.insertAce(0,  BasePermission.READ, sid, true);
    aclService.updateAcl(acl);

    return result;
}
 
Example #2
Source File: AccessService.java    From kylin-on-parquet-v2 with Apache License 2.0 5 votes vote down vote up
/**
 * Protect admin permission granted to acl owner.
 */
private void secureOwner(MutableAclRecord acl, Sid sid) {
    Message msg = MsgPicker.getMsg();

    AclRecord record = acl.getAclRecord();
    if (record.getOwner().equals(sid) == false)
        return;

    // prevent changing owner's admin permission
    if (BasePermission.ADMINISTRATION.equals(record.getPermission(sid)))
        throw new ForbiddenException(msg.getREVOKE_ADMIN_PERMISSION());
}
 
Example #3
Source File: AccessService.java    From kylin with Apache License 2.0 5 votes vote down vote up
/**
 * Protect admin permission granted to acl owner.
 */
private void secureOwner(MutableAclRecord acl, Sid sid) {
    Message msg = MsgPicker.getMsg();

    AclRecord record = acl.getAclRecord();
    if (record.getOwner().equals(sid) == false)
        return;

    // prevent changing owner's admin permission
    if (BasePermission.ADMINISTRATION.equals(record.getPermission(sid)))
        throw new ForbiddenException(msg.getREVOKE_ADMIN_PERMISSION());
}
 
Example #4
Source File: AccessService.java    From Kylin with Apache License 2.0 5 votes vote down vote up
/**
 * Protect admin permission granted to acl owner.
 * 
 * @param acl
 * @param indexOfAce
 */
private void secureOwner(MutableAcl acl, int indexOfAce) {
    // Can't revoke admin permission from domain object owner
    if (acl.getOwner().equals(acl.getEntries().get(indexOfAce).getSid()) && BasePermission.ADMINISTRATION.equals(acl.getEntries().get(indexOfAce).getPermission())) {
        throw new ForbiddenException("Can't revoke admin permission of owner.");
    }
}
 
Example #5
Source File: BookHandler.java    From spring-data-rest-acl with Apache License 2.0 5 votes vote down vote up
private void addACL(AbstractSecuredEntity type) {
	if(type != null) {
		securityACLDAO.addPermission(type, new PrincipalSid(SecurityUtil.getUsername()), BasePermission.ADMINISTRATION);
		securityACLDAO.addPermission(type, new PrincipalSid(SecurityUtil.getUsername()), BasePermission.READ);
		securityACLDAO.addPermission(type, new PrincipalSid(SecurityUtil.getUsername()), BasePermission.WRITE);
		securityACLDAO.addPermission(type, new PrincipalSid(SecurityUtil.getUsername()), BasePermission.DELETE);
	
		securityACLDAO.addPermission(type, new GrantedAuthoritySid("ROLE_ADMIN"), BasePermission.ADMINISTRATION);
	}		
}
 
Example #6
Source File: ACLController.java    From spring-data-rest-acl with Apache License 2.0 5 votes vote down vote up
public static Permission getPermissionFromNumber(int permNum) {
	switch(permNum) {
	case 0: return BasePermission.READ; //1
	case 1: return BasePermission.WRITE; //2
	case 2: return BasePermission.CREATE; //4
	case 3: return BasePermission.DELETE; //8
	case 4: return BasePermission.ADMINISTRATION; //16
	default: return null;
	}
}