org.alfresco.service.cmr.security.AccessStatus Java Examples
The following examples show how to use
org.alfresco.service.cmr.security.AccessStatus.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ACLEntryAfterInvocationTest.java From alfresco-repository with GNU Lesser General Public License v3.0 | 6 votes |
public void testBasicAllowNodePair() throws Exception { runAs("andy"); Object o = new ClassWithMethods(); Method method = o.getClass().getMethod("echoNodePair", new Class[] { NodeRef.class }); AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance(); ProxyFactory proxyFactory = new ProxyFactory(); proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("AFTER_ACL_NODE.sys:base.Read"))); proxyFactory.setTargetSource(new SingletonTargetSource(o)); Object proxy = proxyFactory.getProxy(); permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED)); Pair<Long, NodeRef> rootNodePair = new Pair<Long, NodeRef>(Long.valueOf(1), rootNodeRef); Object answer = method.invoke(proxy, new Object[] { rootNodeRef }); assertEquals(rootNodePair, answer); }
Example #2
Source File: NodeBrowserPost.java From alfresco-remote-api with GNU Lesser General Public License v3.0 | 6 votes |
/** * Gets the current node permissions * * @return the permissions */ public List<Permission> getPermissions(NodeRef nodeRef) { List<Permission> permissions = null; AccessStatus readPermissions = this.getPermissionService().hasPermission(nodeRef, PermissionService.READ_PERMISSIONS); if (readPermissions.equals(AccessStatus.ALLOWED)) { List<Permission> nodePermissions = new ArrayList<Permission>(); for (Iterator<AccessPermission> iterator = getPermissionService().getAllSetPermissions(nodeRef).iterator(); iterator .hasNext();) { AccessPermission ap = iterator.next(); nodePermissions.add(new Permission(ap.getPermission(), ap.getAuthority(), ap.getAccessStatus().toString())); } permissions = nodePermissions; } else { List<Permission> noReadPermissions = new ArrayList<Permission>(1); noReadPermissions.add(new NoReadPermissionGranted()); permissions = noReadPermissions; } return permissions; }
Example #3
Source File: PermissionServiceImpl.java From alfresco-repository with GNU Lesser General Public License v3.0 | 6 votes |
protected Set<AccessPermission> getAllPermissionsImpl(NodeRef nodeRef, boolean includeTrue, boolean includeFalse) { String userName = AuthenticationUtil.getRunAsUser(); HashSet<AccessPermission> accessPermissions = new HashSet<AccessPermission>(); for (PermissionReference pr : getSettablePermissionReferences(nodeRef)) { if (hasPermission(nodeRef, pr) == AccessStatus.ALLOWED) { accessPermissions.add(new AccessPermissionImpl(getPermission(pr), AccessStatus.ALLOWED, userName, -1)); } else { if (includeFalse) { accessPermissions.add(new AccessPermissionImpl(getPermission(pr), AccessStatus.DENIED, userName, -1)); } } } return accessPermissions; }
Example #4
Source File: ScriptNode.java From alfresco-repository with GNU Lesser General Public License v3.0 | 6 votes |
/** * @return Sorted list of <code>AccessPermission</code> based on <code>CMISConnector.AccessPermissionComparator</code> * and <code>AccessStatus</code> of the permission for an authority. */ public static List<AccessPermission> getSortedACLs(Set<AccessPermission> acls) { ArrayList<AccessPermission> ordered = new ArrayList<AccessPermission>(acls); Map<String, AccessPermission> deDuplicatedPermissions = new HashMap<String, AccessPermission>(acls.size()); Collections.sort(ordered, new CMISConnector.AccessPermissionComparator()); for (AccessPermission current : ordered) { String composedKey = current.getAuthority() + current.getPermission(); if (current.getAccessStatus() == AccessStatus.ALLOWED) { deDuplicatedPermissions.put(composedKey, current); } else if (current.getAccessStatus() == AccessStatus.DENIED) { deDuplicatedPermissions.remove(composedKey); } } return new ArrayList<AccessPermission>(deDuplicatedPermissions.values()); }
Example #5
Source File: PermissionServiceImpl.java From alfresco-repository with GNU Lesser General Public License v3.0 | 6 votes |
boolean hasSinglePermission(Set<String> authorisations, NodeRef nodeRef) { nodeRef = tenantService.getName(nodeRef); Serializable key = generateKey(authorisations, nodeRef, this.required, CacheType.SINGLE_PERMISSION_GLOBAL); AccessStatus status = accessCache.get(key); if (status != null) { return status == AccessStatus.ALLOWED; } // Check global permission if (checkGlobalPermissions(authorisations)) { accessCache.put(key, AccessStatus.ALLOWED); return true; } Set<Pair<String, PermissionReference>> denied = new HashSet<Pair<String, PermissionReference>>(); return hasSinglePermission(authorisations, nodeRef, denied); }
Example #6
Source File: HasPermissionMethod.java From alfresco-repository with GNU Lesser General Public License v3.0 | 6 votes |
@Override public AccessStatus execute(VirtualProtocol virtualProtocol, Reference reference) throws ProtocolMethodException { VirtualFolderDefinition definition = resolver.resolveVirtualFolderDefinition(reference); FilingRule filingRule = definition.getFilingRule(); boolean readonly = filingRule.isNullFilingRule() || filingRule.filingNodeRefFor(new FilingParameters(reference)) == null; if (readonly) { Set<String> deniedPermissions = userPermissions.getDenyReadonlySmartNodes(); if (deniedPermissions.contains(permissionToCheck)) { return AccessStatus.DENIED; } if (PermissionService.READ.equals(permissionToCheck)) { return AccessStatus.ALLOWED; } } return userPermissions.hasVirtualNodePermission(permissionToCheck, readonly); }
Example #7
Source File: ScriptNode.java From alfresco-repository with GNU Lesser General Public License v3.0 | 6 votes |
/** * Override Object.toString() to provide useful debug output */ public String toString() { if (this.nodeService.exists(nodeRef)) { if (this.services.getPermissionService().hasPermission(nodeRef, PermissionService.READ_PROPERTIES) == AccessStatus.ALLOWED) { // TODO: DC: Allow debug output of property values - for now it's disabled as this could potentially // follow a large network of nodes. return "Node Type: " + getType() + ", Node Aspects: " + getAspectsSet().toString(); } else { return "Access denied to node " + nodeRef; } } else { return "Node no longer exists: " + nodeRef; } }
Example #8
Source File: SimpleAccessControlEntry.java From alfresco-repository with GNU Lesser General Public License v3.0 | 6 votes |
public int compareTo(AccessControlEntry other) { int diff = this.getPosition() - other.getPosition(); if(diff == 0) { diff = (this.getAccessStatus()== AccessStatus.DENIED ? 0 : 1) - (other.getAccessStatus()== AccessStatus.DENIED ? 0 : 1); if(diff == 0) { return getAuthorityType().getOrderPosition() - other.getAuthorityType().getOrderPosition(); } else { return diff; } } else { return diff; } }
Example #9
Source File: VirtualUserPermissions.java From alfresco-repository with GNU Lesser General Public License v3.0 | 6 votes |
public AccessStatus hasVirtualNodePermission(String permission, boolean readonly) { if (readonly) { if (denyReadonlySmartNodesFull.contains(permission) || denyReadonlySmartNodes.contains(permission)) { return AccessStatus.DENIED; } } if (denySmartNodesFull.contains(permission) || denySmartNodes.contains(permission)) { return AccessStatus.DENIED; } else if (allowSmartNodesFull.contains(permission) || allowSmartNodes.contains(permission)) { return AccessStatus.ALLOWED; } else { return AccessStatus.UNDETERMINED; } }
Example #10
Source File: ACLEntryAfterInvocationTest.java From alfresco-repository with GNU Lesser General Public License v3.0 | 6 votes |
public void testBasicAllowChildAssociationRef2() throws Exception { runAs("andy"); Object o = new ClassWithMethods(); Method method = o.getClass().getMethod("echoChildAssocRef", new Class[] { ChildAssociationRef.class }); AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance(); ProxyFactory proxyFactory = new ProxyFactory(); proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("AFTER_ACL_PARENT.sys:base.Read"))); proxyFactory.setTargetSource(new SingletonTargetSource(o)); Object proxy = proxyFactory.getProxy(); permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED)); Object answer = method.invoke(proxy, new Object[] { nodeService.getPrimaryParent(rootNodeRef) }); assertEquals(answer, nodeService.getPrimaryParent(rootNodeRef)); answer = method.invoke(proxy, new Object[] { nodeService.getPrimaryParent(systemNodeRef) }); assertEquals(answer, nodeService.getPrimaryParent(systemNodeRef)); }
Example #11
Source File: PersonServiceImpl.java From alfresco-repository with GNU Lesser General Public License v3.0 | 6 votes |
/** * {@inheritDoc} */ public boolean personExists(String caseSensitiveUserName) { if (isSystemUserName(caseSensitiveUserName)) { return false; } NodeRef person = getPersonOrNullImpl(caseSensitiveUserName); if (person != null) { // re: THOR-293 return permissionServiceSPI.hasPermission(person, PermissionService.READ) == AccessStatus.ALLOWED; } return false; }
Example #12
Source File: VirtualPermissionServiceExtension.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
public AccessStatus hasPermission(NodeRef nodeRef, PermissionReference perm) { PermissionServiceTrait theTrait = getTrait(); Reference reference = Reference.fromNodeRef(nodeRef); if (reference == null) { return theTrait.hasPermission(nodeRef, perm); } else { AccessStatus virtualAccessStatus = smartStore.hasPermission(reference, perm); if (!AccessStatus.UNDETERMINED.equals(virtualAccessStatus)) { return virtualAccessStatus; } else { NodeRef nodeToAdhereTo = establishPermisisonAdherence(reference); if (nodeToAdhereTo == null) { return AccessStatus.UNDETERMINED; } else { return theTrait.hasPermission(nodeToAdhereTo, perm); } } } }
Example #13
Source File: AlfrescoImapFolder.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
/** * Whether the folder is read-only for user. * * @return {@code boolean} */ @Override protected boolean isReadOnly() { AccessStatus status = serviceRegistry.getPublicServiceAccessService().hasAccess(ServiceRegistry.NODE_SERVICE.getLocalName(), "createNode", folderInfo.getNodeRef(), null, null, null); //serviceRegistry.getPermissionService().hasPermission(folderInfo.getNodeRef(), PermissionService.WRITE); return status == AccessStatus.DENIED; }
Example #14
Source File: VirtualPermissionServiceExtensionTest.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
@Test public void testHasPermissionAdherence_missingFolderPath() throws Exception { NodeRef virtualFolderT5 = createVirtualizedFolder(testRootFolder.getNodeRef(), "VirtualFolderT5", TEST_TEMPLATE_5_JSON_SYS_PATH); NodeRef filingFolderVirtualNodeRef = nodeService.getChildByName(virtualFolderT5, ContentModel.ASSOC_CONTAINS, "FilingFolder_filing_path"); assertEquals(AccessStatus.DENIED, hasPermissionAs(filingFolderVirtualNodeRef, PermissionService.DELETE, user1)); assertEquals(AccessStatus.DENIED, hasPermissionAs(filingFolderVirtualNodeRef, asTypedPermission(PermissionService.DELETE), user1)); assertEquals(AccessStatus.DENIED, hasPermissionAs(filingFolderVirtualNodeRef, PermissionService.CREATE_CHILDREN, user1)); assertEquals(AccessStatus.DENIED, hasPermissionAs(filingFolderVirtualNodeRef, asTypedPermission(PermissionService.CREATE_CHILDREN), user1)); }
Example #15
Source File: ACLEntryVoterTest.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
public void testMultiChildAssocRefMethodsArg1() throws Exception { runAs("andy"); Object o = new ClassWithMethods(); Method method = o.getClass().getMethod( "testManyChildAssociationRef", new Class[] { ChildAssociationRef.class, ChildAssociationRef.class, ChildAssociationRef.class, ChildAssociationRef.class }); AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance(); ProxyFactory proxyFactory = new ProxyFactory(); proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("ACL_NODE.1.sys:base.Read"))); proxyFactory.setTargetSource(new SingletonTargetSource(o)); Object proxy = proxyFactory.getProxy(); method.invoke(proxy, new Object[] { null, null, null, null }); try { method.invoke(proxy, new Object[] { null, nodeService.getPrimaryParent(rootNodeRef), null, null }); assertNotNull(null); } catch (InvocationTargetException e) { } permissionService.setPermission(new SimplePermissionEntry(rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED)); method.invoke(proxy, new Object[] { null, nodeService.getPrimaryParent(rootNodeRef), null, null }); }
Example #16
Source File: CommentsApiTest.java From alfresco-remote-api with GNU Lesser General Public License v3.0 | 5 votes |
/** * MNT-9771 * @throws Exception */ public void testCommentPermissions() throws Exception { authenticationComponent.setCurrentUser(AuthenticationUtil.getAdminUserName()); UserTransaction txn = transactionService.getUserTransaction(); txn.begin(); NodeRef contentForUserContributor = fileFolderService.create(companyHomeNodeRef, "CommentyContributor" + System.currentTimeMillis(), ContentModel.TYPE_CONTENT).getNodeRef(); permissionService.setPermission(new SimplePermissionEntry(contentForUserContributor, getPermission(PermissionService.CONTRIBUTOR), USER_TEST, AccessStatus.ALLOWED)); NodeRef contentForUserConsumer = fileFolderService.create(companyHomeNodeRef, "CommentyConsumer" + System.currentTimeMillis(), ContentModel.TYPE_CONTENT).getNodeRef(); permissionService.setPermission(new SimplePermissionEntry(contentForUserConsumer, getPermission(PermissionService.CONSUMER), USER_TEST, AccessStatus.ALLOWED)); //Contributor should be able to add comments addComment(contentForUserContributor, USER_TEST, 200); txn.commit(); // Hack. Internally, the addComment starts and rolls back the next txn. //Consumer shouldn't be able to add comments see MNT-9883 addComment(contentForUserConsumer, USER_TEST, 500); txn = transactionService.getUserTransaction(); txn.begin(); nodeService.deleteNode(contentForUserContributor); nodeService.deleteNode(contentForUserConsumer); txn.commit(); }
Example #17
Source File: MethodSecurityInterceptor.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
public AccessStatus pre(Object object) { ConfigAttributeDefinition attr = this.obtainObjectDefinitionSource().getAttributes(object); if (this.getAccessDecisionManager() instanceof AffirmativeBasedAccessDecisionManger) { return ((AffirmativeBasedAccessDecisionManger)getAccessDecisionManager()).pre(object, attr); } else { return AccessStatus.ALLOWED; } }
Example #18
Source File: PermissionModel.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
/** * Set the default access status * * @return the default access status */ public AccessStatus getDefaultPermission() { AccessStatus defaultPermission; mutableState.lock.readLock().lock(); defaultPermission = mutableState.defaultPermission; mutableState.lock.readLock().unlock(); return defaultPermission; }
Example #19
Source File: VirtualPermissionServiceExtension.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
@Override public AccessStatus hasPermission(Long aclID, PermissionContext context, String permission) { return getTrait().hasPermission(aclID, context, permission); }
Example #20
Source File: SitesImpl.java From alfresco-remote-api with GNU Lesser General Public License v3.0 | 5 votes |
public void deleteSite(String siteId, Parameters parameters) { boolean isSiteAdmin = siteService.isSiteAdmin(AuthenticationUtil.getFullyAuthenticatedUser()); SiteInfo siteInfo = validateSite(siteId); if (siteInfo == null) { // site does not exist throw new EntityNotFoundException(siteId); } siteId = siteInfo.getShortName(); NodeRef siteNodeRef = siteInfo.getNodeRef(); // belt-and-braces - double-check before purge/delete (rather than // rollback) if ((isSiteAdmin == false) && (permissionService.hasPermission(siteNodeRef, PermissionService.DELETE) != AccessStatus.ALLOWED)) { throw new AccessDeniedException("Cannot delete site: " + siteId); } // default false (if not provided) boolean permanentDelete = Boolean.valueOf(parameters.getParameter(PARAM_PERMANENT)); if (permanentDelete == true) { // Set as temporary to delete node instead of archiving. nodeService.addAspect(siteNodeRef, ContentModel.ASPECT_TEMPORARY, null); // bypassing trashcan means that purge behaviour will not fire, so // explicitly force cleanup here siteServiceImpl.beforePurgeNode(siteNodeRef); } siteService.deleteSite(siteId); }
Example #21
Source File: CommentsPost.java From alfresco-remote-api with GNU Lesser General Public License v3.0 | 5 votes |
/** * generates an comment item value * * @param commentNodeRef * @return */ private Map<String, Object> generateItemValue(NodeRef commentNodeRef) { Map<String, Object> result = new HashMap<String, Object>(4, 1.0f); String creator = (String)this.nodeService.getProperty(commentNodeRef, ContentModel.PROP_CREATOR); Serializable created = this.nodeService.getProperty(commentNodeRef, ContentModel.PROP_CREATED); Serializable modified = this.nodeService.getProperty(commentNodeRef, ContentModel.PROP_MODIFIED); boolean isUpdated = false; if (created instanceof Date && modified instanceof Date) { isUpdated = ((Date)modified).getTime() - ((Date)created).getTime() > 5000; } // TODO refactor v0 Comments API to use CommentService (see ACE-5437) Serializable owner = this.nodeService.getProperty(commentNodeRef, ContentModel.PROP_OWNER); String currentUser = this.serviceRegistry.getAuthenticationService().getCurrentUserName(); boolean isSiteManager = this.permissionService.hasPermission(commentNodeRef, SiteModel.SITE_MANAGER) == (AccessStatus.ALLOWED); boolean isCoordinator = this.permissionService.hasPermission(commentNodeRef, PermissionService.COORDINATOR) == (AccessStatus.ALLOWED); boolean canEditComment = isSiteManager || isCoordinator || currentUser.equals(creator) || currentUser.equals(owner); result.put("node", commentNodeRef); result.put("author", this.personService.getPerson(creator)); result.put("isUpdated", isUpdated); result.put("canEditComment", canEditComment); return result; }
Example #22
Source File: OwnableServiceTest.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
public void testContainer() { authenticationService.authenticate("andy", "andy".toCharArray()); NodeRef testNode = nodeService.createNode(rootNodeRef, ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_PERSON, ContentModel.TYPE_CONTAINER, null).getChildRef(); assertNull(ownableService.getOwner(testNode)); assertFalse(ownableService.hasOwner(testNode)); assertFalse(nodeService.hasAspect(testNode, ContentModel.ASPECT_AUDITABLE)); assertFalse(nodeService.hasAspect(testNode, ContentModel.ASPECT_OWNABLE)); assertFalse(dynamicAuthority.hasAuthority(testNode, "andy")); assertFalse(permissionService.hasPermission(testNode, PermissionService.READ) == AccessStatus.ALLOWED); assertFalse(permissionService.hasPermission(testNode, permissionService.getAllPermission()) == AccessStatus.ALLOWED); permissionService.setPermission(rootNodeRef, permissionService.getOwnerAuthority(), permissionService.getAllPermission(), true); ownableService.setOwner(testNode, "muppet"); assertEquals("muppet", ownableService.getOwner(testNode)); ownableService.takeOwnership(testNode); assertEquals("andy", ownableService.getOwner(testNode)); assertFalse(nodeService.hasAspect(testNode, ContentModel.ASPECT_AUDITABLE)); assertTrue(nodeService.hasAspect(testNode, ContentModel.ASPECT_OWNABLE)); assertTrue(dynamicAuthority.hasAuthority(testNode, "andy")); assertTrue(permissionService.hasPermission(testNode, PermissionService.READ) == AccessStatus.ALLOWED); assertTrue(permissionService.hasPermission(testNode, permissionService.getAllPermission())== AccessStatus.ALLOWED); }
Example #23
Source File: ACLEntryAfterInvocationTest.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
public void testBasicDenyInvalidNodeRef() throws Exception { runAs("andy"); Object o = new ClassWithMethods(); Method method = o.getClass().getMethod("echoNodeRef", new Class[] { NodeRef.class }); AdvisorAdapterRegistry advisorAdapterRegistry = GlobalAdvisorAdapterRegistry.getInstance(); ProxyFactory proxyFactory = new ProxyFactory(); proxyFactory.addAdvisor(advisorAdapterRegistry.wrap(new Interceptor("AFTER_ACL_NODE.sys:base.Read"))); proxyFactory.setTargetSource(new SingletonTargetSource(o)); Object proxy = proxyFactory.getProxy(); permissionService.setPermission( new SimplePermissionEntry( rootNodeRef, getPermission(PermissionService.READ), "andy", AccessStatus.ALLOWED)); Object answer = method.invoke(proxy, new Object[] { rootNodeRef }); assertEquals("Value passed out must be valid", rootNodeRef, answer); NodeRef invalidNodeRef = new NodeRef("workspace://SpacesStore/noodle"); answer = method.invoke(proxy, new Object[] { invalidNodeRef }); method.invoke(proxy, new Object[] { invalidNodeRef }); assertEquals("Value passed out must be equal", invalidNodeRef, answer); }
Example #24
Source File: PermissionServiceImpl.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
protected AccessStatus adminRead() { AccessStatus result = AccessStatus.DENIED; Set<String> authorisations = getAuthorisations(); if(authorisations.contains(AuthenticationUtil.getAdminRoleName())) { result = AccessStatus.ALLOWED; } // ROLE_ADMINISTRATOR authority has FULL_CONTROL in permissionDefinitions // so we don't need to check node requirements return result; }
Example #25
Source File: CommentServiceImpl.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
private boolean canEditPermission(NodeRef commentNodeRef) { String creator = (String)nodeService.getProperty(commentNodeRef, ContentModel.PROP_CREATOR); Serializable owner = nodeService.getProperty(commentNodeRef, ContentModel.PROP_OWNER); String currentUser = AuthenticationUtil.getFullyAuthenticatedUser(); boolean isSiteManager = permissionService.hasPermission(commentNodeRef, SiteModel.SITE_MANAGER) == (AccessStatus.ALLOWED); boolean isCoordinator = permissionService.hasPermission(commentNodeRef, PermissionService.COORDINATOR) == (AccessStatus.ALLOWED); return (isSiteManager || isCoordinator || currentUser.equals(creator) || currentUser.equals(owner)); }
Example #26
Source File: SiteServiceImpl.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
/** * @see org.alfresco.service.cmr.site.SiteService#canAddMember(java.lang.String, * java.lang.String, java.lang.String) */ public boolean canAddMember(final String shortName, final String authorityName, final String role) { final NodeRef siteNodeRef = getSiteNodeRef(shortName); if (siteNodeRef == null) { throw new SiteDoesNotExistException(shortName); } // Get the user's current role final String currentRole = getMembersRole(shortName, authorityName); // Get the visibility of the site SiteVisibility visibility = getSiteVisibility(siteNodeRef); // If we are ... // -- the current user has change permissions rights on the site // or we are ... // -- referring to a public site and // -- the role being set is consumer and // -- the user being added is ourselves and // -- the member does not already have permissions // ... then we can set the permissions as system user final String currentUserName = AuthenticationUtil.getFullyAuthenticatedUser(); return ((permissionService.hasPermission(siteNodeRef, PermissionService.CHANGE_PERMISSIONS) == AccessStatus.ALLOWED) || isSiteAdmin(currentUserName) || (SiteVisibility.PUBLIC.equals(visibility) && role.equals(SiteModel.SITE_CONSUMER) && authorityName.equals(currentUserName) && currentRole == null)); }
Example #27
Source File: NodeContext.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
/** * Adds an Access Control Entry * * @param accessStatus AccessStatus * @param authority String * @param permission String */ public void addAccessControlEntry(AccessStatus accessStatus, String authority, String permission) { // Note: Map guest permission to Consumer permission - this is to handle the case where // exports made against a pre 1.2 RC2 release if (permission.equalsIgnoreCase("guest")) { permission = PermissionService.CONSUMER; } ACE ace = new ACE(accessStatus, authority, permission); accessControlEntries.add(ace); }
Example #28
Source File: Site.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
/** * Reset any permissions that have been set on the node. * <p> * All permissions will be deleted and the node set to inherit permissions. * * @param node node */ public void resetAllPermissions(ScriptNode node) { final NodeRef nodeRef = node.getNodeRef(); // ensure the user has permission to Change Permissions final PermissionService permissionService = serviceRegistry.getPermissionService(); if (permissionService.hasPermission(nodeRef, PermissionService.CHANGE_PERMISSIONS).equals(AccessStatus.ALLOWED)) { AuthenticationUtil.runAs(new RunAsWork<Void>() { public Void doWork() throws Exception { // Ensure node isn't inheriting permissions from an ancestor before deleting if (!permissionService.getInheritParentPermissions(nodeRef)) { permissionService.deletePermissions(nodeRef); permissionService.setInheritParentPermissions(nodeRef, true); } return null; } }, AuthenticationUtil.SYSTEM_USER_NAME); } else { throw new AlfrescoRuntimeException("You do not have the authority to update permissions on this node."); } }
Example #29
Source File: AbstractPermissionsDaoComponentImpl.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
public void setPermission(StoreRef storeRef, String authority, PermissionReference permission, boolean allow) { Acl acl = getMutableAccessControlList(storeRef); SimpleAccessControlEntry entry = new SimpleAccessControlEntry(); entry.setAuthority(authority); entry.setPermission(permission); entry.setAccessStatus(allow ? AccessStatus.ALLOWED : AccessStatus.DENIED); entry.setAceType(ACEType.ALL); entry.setPosition(Integer.valueOf(0)); aclDaoComponent.setAccessControlEntry(acl.getId(), entry); }
Example #30
Source File: VirtualPermissionServiceExtensionTest.java From alfresco-repository with GNU Lesser General Public License v3.0 | 5 votes |
@Test public void testHasPermission() throws Exception { setUpTestPermissions(); // virtual permission should override actual permissions assertEquals(AccessStatus.ALLOWED, hasPermissionAs(this.virtualFolder1NodeRef, PermissionService.DELETE, user1)); assertEquals(AccessStatus.DENIED, hasPermissionAs(this.virtualFolder1NodeRef, PermissionService.CREATE_CHILDREN, user1)); assertEquals(AccessStatus.DENIED, hasPermissionAs(vf1Node2, PermissionService.DELETE, user1)); assertEquals(AccessStatus.DENIED, hasPermissionAs(vf1Node2, asTypedPermission(PermissionService.DELETE), user1)); assertEquals(AccessStatus.ALLOWED, hasPermissionAs(vf1Node2, PermissionService.CREATE_CHILDREN, user1)); assertEquals(AccessStatus.ALLOWED, hasPermissionAs(vf1Node2, asTypedPermission(PermissionService.CREATE_CHILDREN), user1)); }