Java Code Examples for org.alfresco.service.cmr.security.AuthorityType#USER

Example 1
Source File: ChainingUserRegistrySynchronizer.java    From alfresco-repository with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Removes {@code authorityName} from every parent group queued for deletion against it.
 * <p>
 * The queue consulted depends on the authority type derived from the name:
 * {@code personParentAssocsToDelete} for {@link AuthorityType#USER}, otherwise
 * {@code groupParentAssocsToDelete}. Nothing happens when no parents are queued.
 *
 * @param authorityName the child authority whose queued parent associations are removed
 */
private void maintainAssociationDeletions(String authorityName)
{
    final Set<String> queuedParents;
    if (AuthorityType.getAuthorityType(authorityName) == AuthorityType.USER)
    {
        queuedParents = this.personParentAssocsToDelete.get(authorityName);
    }
    else
    {
        queuedParents = this.groupParentAssocsToDelete.get(authorityName);
    }

    // Guard clause: no queue entry, or an empty one, means there is nothing to remove.
    if (queuedParents == null || queuedParents.isEmpty())
    {
        return;
    }

    for (String parentName : queuedParents)
    {
        // Short names are only resolved when debug logging is actually on.
        if (ChainingUserRegistrySynchronizer.logger.isDebugEnabled())
        {
            String childShortName = ChainingUserRegistrySynchronizer.this.authorityService
                    .getShortName(authorityName);
            String parentShortName = ChainingUserRegistrySynchronizer.this.authorityService
                    .getShortName(parentName);
            ChainingUserRegistrySynchronizer.logger
                    .debug("Removing '" + childShortName + "' from group '" + parentShortName + "'");
        }
        ChainingUserRegistrySynchronizer.this.authorityService.removeAuthority(parentName, authorityName);
    }
}
 
Example 2
Source File: GroupsImpl.java    From alfresco-remote-api with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Translates a member-type parameter value into an {@link AuthorityType}.
 * <p>
 * Only the two known constants are accepted; any other non-empty value is rejected
 * rather than being mapped to a default.
 *
 * @param memberType the raw member-type value, may be {@code null} or empty
 * @return {@link AuthorityType#GROUP} or {@link AuthorityType#USER}, or {@code null}
 *         when {@code memberType} is {@code null} or empty
 * @throws InvalidArgumentException if {@code memberType} is any other value
 */
private AuthorityType getAuthorityType(String memberType)
{
    // Absent value: the caller gets null rather than an exception.
    if (memberType == null || memberType.isEmpty())
    {
        return null;
    }

    switch (memberType)
    {
    case PARAM_MEMBER_TYPE_GROUP:
        return AuthorityType.GROUP;
    case PARAM_MEMBER_TYPE_PERSON:
        return AuthorityType.USER;
    default:
        throw new InvalidArgumentException("MemberType is invalid (expected eg. GROUP, PERSON)");
    }
}
 
Example 3
Source File: SolrOwnerScorer.java    From SearchServices with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Builds a scorer over the documents whose owner field equals {@code authority}.
 * <p>
 * Only authorities that resolve to {@link AuthorityType#USER} are looked up; for any
 * other type the scorer is built over an empty doc set. Results are stored in and read
 * from the owner-lookup cache, keyed by the authority string as given.
 *
 * @param weight    passed through to the scorer
 * @param context   passed through to the scorer
 * @param searcher  used for the cache and for the owner query
 * @param authority the authority name to match against the owner field
 * @return a scorer over the owned documents, or over an empty set for non-user authorities
 * @throws IOException declared by the signature; presumably raised by the index lookup
 */
public static SolrOwnerScorer createOwnerScorer(Weight weight, LeafReaderContext context, SolrIndexSearcher searcher, String authority) throws IOException
{
    // Non-user authorities cannot own documents here, so they match nothing.
    if (AuthorityType.getAuthorityType(authority) != AuthorityType.USER)
    {
        return new SolrOwnerScorer(weight, new BitDocSet(new FixedBitSet(0)), context, searcher);
    }

    DocSet cachedOrFresh = (DocSet) searcher.cacheLookup(CacheConstants.ALFRESCO_OWNERLOOKUP_CACHE, authority);
    if (cachedOrFresh == null)
    {
        // Cache miss: ask the index for documents owned by this authority, then remember the answer.
        TermQuery ownerQuery = new TermQuery(new Term(QueryConstants.FIELD_OWNER, authority));
        cachedOrFresh = searcher.getDocSet(ownerQuery);
        searcher.cacheInsert(CacheConstants.ALFRESCO_OWNERLOOKUP_CACHE, authority, cachedOrFresh);
    }
    return new SolrOwnerScorer(weight, cachedOrFresh, context, searcher);
}
 
Example 4
Source File: UserNameConstraint.java    From alfresco-repository with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Accepts a value only if it converts to a String whose authority type is
 * {@link AuthorityType#USER} or {@link AuthorityType#GUEST}.
 *
 * @param value the value under evaluation
 * @throws ConstraintException with {@code ERR_NON_STRING} when the value cannot be converted
 *         to a String, or with {@code ERR_INVALID_USERNAME} when the resolved authority type
 *         is neither USER nor GUEST
 */
@Override
protected void evaluateSingleValue(Object value)
{
    // Step 1: the value must be convertible to a String at all.
    String candidate;
    try
    {
        candidate = DefaultTypeConverter.INSTANCE.convert(String.class, value);
    }
    catch (TypeConversionException e)
    {
        throw new ConstraintException(ERR_NON_STRING, value);
    }

    // Step 2: the name must resolve to one of the two permitted authority types.
    final AuthorityType resolved = AuthorityType.getAuthorityType(candidate);
    final boolean permitted = (resolved == AuthorityType.USER) || (resolved == AuthorityType.GUEST);
    if (!permitted)
    {
        throw new ConstraintException(ERR_INVALID_USERNAME, value, resolved);
    }
}
 
Example 5
Source File: AuthorityDAOImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Adds an existing authority to each of the named zones.
 * <p>
 * Zone nodes are resolved through {@code getOrCreateZone} before the authority itself is
 * looked up, so that step runs even when the authority turns out not to exist. If the
 * authority is not found, no association is added.
 *
 * @param authorityName the authority to place in the zones
 * @param zones         the zone names; {@code null} or empty means no work is done
 */
public void addAuthorityToZones(String authorityName, Set<String> zones)
{
    if (zones == null || zones.isEmpty())
    {
        return;
    }

    Set<NodeRef> zoneNodes = new HashSet<NodeRef>(zones.size() * 2);
    for (String zoneName : zones)
    {
        zoneNodes.add(getOrCreateZone(zoneName));
    }

    NodeRef authorityNode = getAuthorityOrNull(authorityName);
    if (authorityNode == null)
    {
        return;
    }

    // For users, the association is named after the stored user name rather than the name passed in.
    String assocLocalName = authorityName;
    if (AuthorityType.getAuthorityType(authorityName) == AuthorityType.USER)
    {
        assocLocalName = (String) nodeService.getProperty(authorityNode, ContentModel.PROP_USERNAME);
    }

    nodeService.addChild(zoneNodes, authorityNode, ContentModel.ASSOC_IN_ZONE, QName.createQName("cm", assocLocalName, namespacePrefixResolver));
}
 
Example 6
Source File: AuthorityDAOImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Lists the authorities of the given type contained in {@code parentName}.
 *
 * @param type       the authority type passed to {@code listAuthorities}
 * @param parentName the containing authority
 * @param immediate  when {@code false}, the recursive flag of {@code listAuthorities} is set
 * @return an empty set when the parent is a user; otherwise a sorted set filled by
 *         {@code listAuthorities}
 * @throws UnknownAuthorityException if the parent is not a user and cannot be found
 */
public Set<String> getContainedAuthorities(AuthorityType type, String parentName, boolean immediate)
{
    // Users never contain other authorities, so no lookup is made for them.
    if (AuthorityType.getAuthorityType(parentName) == AuthorityType.USER)
    {
        return Collections.<String> emptySet();
    }

    final NodeRef parentNode = getAuthorityOrNull(parentName);
    if (parentNode == null)
    {
        throw new UnknownAuthorityException("An authority was not found for " + parentName);
    }

    final Set<String> contained = new TreeSet<String>();
    final boolean recurse = !immediate;
    listAuthorities(type, parentNode, contained, false, recurse, false);
    return contained;
}
 
Example 7
Source File: AuthorityServiceImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 6 votes vote down vote up
/**
 * Checks if the {@code authority} (normally a username) is the same as or is contained
 * within the {@code parentAuthority}.
 * <p>
 * A {@code parentAuthority} that resolves to {@link AuthorityType#USER} always yields
 * {@code false}, even when both names are equal. The name comparison uses
 * {@link String#equals(Object)} and is therefore case sensitive.
 *
 * @param authority String
 * @param parentAuthority a normalized, case sensitive authority name
 * @param positiveHits passed through to {@code authorityDAO.isAuthorityContained}
 * @param negativeHits passed through to {@code authorityDAO.isAuthorityContained}
 * @return {@code true} if does, {@code false} otherwise.
 */
private boolean hasAuthority(String authority, String parentAuthority, Set<String> positiveHits, Set<String> negativeHits)
{
    final boolean parentIsUser = AuthorityType.getAuthorityType(parentAuthority) == AuthorityType.USER;
    if (parentIsUser)
    {
        return false;
    }

    // Exact match first; the DAO is only consulted when the names differ.
    return parentAuthority.equals(authority)
            || authorityDAO.isAuthorityContained(parentAuthority, authority, positiveHits, negativeHits);
}
 
Example 8
Source File: AuthorityDAOImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Removes {@code childName} from {@code parentName} and invalidates the affected caches.
 * <p>
 * For a user child only that user's entry is dropped from {@code userAuthorityCache}
 * (keyed by the stored user name). For any other child type the whole
 * {@code userAuthorityCache} is cleared.
 *
 * @param parentName   the containing authority
 * @param childName    the authority to remove from the parent
 * @param cacheRefresh for non-user children, whether {@code authorityBridgeTableCache} is refreshed
 * @throws UnknownAuthorityException if either authority cannot be found
 */
public void removeAuthority(String parentName, String childName, boolean cacheRefresh)
{
    final NodeRef parentNode = getAuthorityOrNull(parentName);
    if (parentNode == null)
    {
        throw new UnknownAuthorityException("An authority was not found for " + parentName);
    }
    final NodeRef childNode = getAuthorityOrNull(childName);
    if (childNode == null)
    {
        throw new UnknownAuthorityException("An authority was not found for " + childName);
    }

    nodeService.removeChild(parentNode, childNode);
    childAuthorityCache.remove(parentNode);

    if (AuthorityType.getAuthorityType(childName) != AuthorityType.USER)
    {
        // A non-user child changed: drop every cached user entry.
        userAuthorityCache.clear();
        if (cacheRefresh)
        {
            authorityBridgeTableCache.refresh();
        }
        return;
    }

    // User child: evict under the user name as stored on the node.
    String storedUserName = (String) nodeService.getProperty(childNode, ContentModel.PROP_USERNAME);
    userAuthorityCache.remove(storedUserName);
}
 
Example 9
Source File: ChainingUserRegistrySynchronizer.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Tries to make a person exist for {@code userName}, by synchronising and/or auto-creating.
 * <p>
 * Synchronisation failures are logged at warn level and do not propagate. Auto-creation is
 * attempted only when {@code autoCreatePeopleOnLogin} is set, the person service reports
 * {@code createMissingPeople()}, and the name resolves to {@link AuthorityType#USER}.
 *
 * @param userName the user to synchronise or create; {@code null} and the system user are ignored
 * @return {@code true} if the person exists after synchronisation or was requested via
 *         {@code getPerson}; {@code false} otherwise
 */
@Override
public boolean createMissingPerson(String userName)
{
    // Nothing is done for a missing name or for the system user.
    if (userName == null || userName.equals(AuthenticationUtil.getSystemUserName()))
    {
        return false;
    }

    if (this.syncWhenMissingPeopleLogIn)
    {
        try
        {
            synchronizeInternal(false, false, false);
        }
        catch (Exception e)
        {
            // Best effort: a failed sync must not abort the login.
            ChainingUserRegistrySynchronizer.logger.warn("User authenticated but failed to sync with user registry", e);
        }
        if (this.personService.personExists(userName))
        {
            return true;
        }
    }

    final boolean autoCreateAllowed = this.autoCreatePeopleOnLogin && this.personService.createMissingPeople();
    if (autoCreateAllowed && AuthorityType.getAuthorityType(userName) == AuthorityType.USER)
    {
        this.personService.getPerson(userName);
        return true;
    }
    return false;
}
 
Example 10
Source File: AuthorityServiceImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * {@inheritDoc}
 * <p>
 * This implementation delegates to {@code authorityDAO.findAuthorities} and only supports a
 * {@code null} type, {@link AuthorityType#GROUP} or {@link AuthorityType#USER}.
 *
 * @throws UnsupportedOperationException for any other authority type
 */
public Set<String> findAuthorities(AuthorityType type, String parentAuthority, boolean immediate, String displayNamePattern, String zoneName)
{
    final boolean supported = type == null || type == AuthorityType.GROUP || type == AuthorityType.USER;
    if (!supported)
    {
        throw new UnsupportedOperationException();
    }
    return authorityDAO.findAuthorities(type, parentAuthority, immediate, displayNamePattern, zoneName);
}
 
Example 11
Source File: WorkflowAuthorityManager.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Tells whether {@code authorityName} resolves to a user-like authority type.
 *
 * @param authorityName the authority name to classify
 * @return {@code true} for {@link AuthorityType#USER}, {@link AuthorityType#ADMIN} or
 *         {@link AuthorityType#GUEST}; {@code false} for every other type
 */
public boolean isUser(String authorityName)
{
    final AuthorityType resolved = AuthorityType.getAuthorityType(authorityName);
    if (resolved == AuthorityType.USER)
    {
        return true;
    }
    if (resolved == AuthorityType.ADMIN)
    {
        return true;
    }
    return resolved == AuthorityType.GUEST;
}
 
Example 12
Source File: SolrAuthoritySetQuery.java    From SearchServices with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * Builds a filter matching documents owned by any of the user authorities in {@code auths}.
 * <p>
 * Entries that do not resolve to {@link AuthorityType#USER} are skipped. Each remaining entry
 * becomes an optional (SHOULD) term clause on the owner field.
 *
 * @param auths    the authority names to consider
 * @param searcher the searcher the query is run against
 * @return the filter collected from running the owner query
 * @throws IOException declared by the signature; presumably raised by the search
 */
private BitsFilter getOwnerFilter(String[] auths, SolrIndexSearcher searcher) throws IOException
{
    Builder ownerQuery = new BooleanQuery.Builder();
    for (int i = 0; i < auths.length; i++)
    {
        final String candidate = auths[i];
        if (AuthorityType.getAuthorityType(candidate) != AuthorityType.USER)
        {
            continue;
        }
        Term ownerTerm = new Term(QueryConstants.FIELD_OWNER, candidate);
        ownerQuery.add(new TermQuery(ownerTerm), BooleanClause.Occur.SHOULD);
    }

    // The collector is sized by the number of leaves of the top reader context.
    final int leafCount = searcher.getTopReaderContext().leaves().size();
    BitsFilterCollector hits = new BitsFilterCollector(leafCount);
    searcher.search(ownerQuery.build(), hits);
    return hits.getBitsFilter();
}
 
Example 13
Source File: SolrOwnerSetScorer.java    From SearchServices with GNU Lesser General Public License v3.0 5 votes vote down vote up
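/**
 * Builds a scorer over the documents owned by any user authority in {@code authorities}.
 * <p>
 * {@code authorities} is a separator-prefixed list: its first character is the separator and
 * the rest is the list itself, e.g. {@code ",jbloggs,abeecher"}. Entries that do not resolve
 * to {@link AuthorityType#USER} are ignored. The resulting doc set is stored in and read from
 * the owner-lookup cache, keyed by the whole {@code authorities} string.
 *
 * @param weight      passed through to the scorer
 * @param context     passed through to the scorer
 * @param searcher    used for the cache and for the owner query
 * @param authorities separator-prefixed authority list; must contain at least the separator
 * @return a scorer over the documents owned by the listed user authorities
 * @throws IOException declared by the signature; presumably raised by the index lookup
 */
public static SolrOwnerSetScorer createOwnerSetScorer(Weight weight, LeafReaderContext context, SolrIndexSearcher searcher, String authorities) throws IOException
{
    DocSet authorityOwnedDocs = (DocSet) searcher.cacheLookup(CacheConstants.ALFRESCO_OWNERLOOKUP_CACHE, authorities);

    if (authorityOwnedDocs == null)
    {
        // String.split() interprets its argument as a regular expression. The separator is
        // data, so it is quoted: an unquoted metacharacter such as '|' or '.' would split the
        // list at the wrong places and produce authority names that were never supplied,
        // which would then be used in the owner query.
        String separatorPattern = java.util.regex.Pattern.quote(authorities.substring(0, 1));
        String[] auths = authorities.substring(1).split(separatorPattern);

        BooleanQuery.Builder bQuery = new BooleanQuery.Builder();
        for (String current : auths)
        {
            // Only user authorities can match the owner field.
            if (AuthorityType.getAuthorityType(current) == AuthorityType.USER)
            {
                bQuery.add(new TermQuery(new Term(QueryConstants.FIELD_OWNER, current)), Occur.SHOULD);
            }
        }

        // The wrapped query opts out of caching; the result is cached explicitly below instead.
        WrappedQuery wrapped = new WrappedQuery(bQuery.build());
        wrapped.setCache(false);
        authorityOwnedDocs = searcher.getDocSet(wrapped);

        searcher.cacheInsert(CacheConstants.ALFRESCO_OWNERLOOKUP_CACHE, authorities, authorityOwnedDocs);
    }

    // TODO: Cache the final set? e.g. searcher.cacheInsert(authorities, authorityOwnedDocs)
    return new SolrOwnerSetScorer(weight, authorityOwnedDocs, context, searcher);
}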
 
Example 14
Source File: AuthorityServiceImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 5 votes vote down vote up
/**
 * {@inheritDoc}
 * <p>
 * This implementation requires {@code pagingRequest} and {@code type}, accepts only
 * {@link AuthorityType#USER}, {@link AuthorityType#GROUP} and {@link AuthorityType#ROLE},
 * and delegates to {@code authorityDAO.getAuthoritiesInfo}.
 *
 * @throws UnsupportedOperationException for any other authority type
 */
public PagingResults<AuthorityInfo> getAuthoritiesInfo(AuthorityType type, String zoneName, String displayNameFilter, String sortBy, boolean sortAscending, PagingRequest pagingRequest)
{
    ParameterCheck.mandatory("pagingRequest", pagingRequest);
    ParameterCheck.mandatory("type", type);

    final boolean supported = type == AuthorityType.USER
            || type == AuthorityType.GROUP
            || type == AuthorityType.ROLE;
    if (!supported)
    {
        throw new UnsupportedOperationException("Unexpected authority type: "+type);
    }

    return authorityDAO.getAuthoritiesInfo(type, zoneName, displayNameFilter, sortBy, sortAscending, pagingRequest);
}
 
Example 15
Source File: AuthorityDAOImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 4 votes vote down vote up
/**
 * Builds the cache key for an authority: a (tenant domain, pooled name) pair.
 * <p>
 * For a user the domain is taken from the authority name itself; for every other type the
 * current user's domain is used.
 *
 * @param authorityName the authority to build a key for
 * @return the pair of tenant domain and pooled authority name
 */
private Pair<String, String> cacheKey(String authorityName)
{
    final String domain;
    if (AuthorityType.getAuthorityType(authorityName) == AuthorityType.USER)
    {
        domain = tenantService.getDomain(authorityName);
    }
    else
    {
        domain = tenantService.getCurrentUserDomain();
    }
    final String pooledName = getPooledName(authorityName);
    return new Pair<String, String>(domain, pooledName);
}
 
Example 16
Source File: PersonServiceImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 4 votes vote down vote up
/**
 * {@inheritDoc}
 * <p>
 * Validation happens in this order before anything is written: a user name must be present,
 * it must not be the system user, it must resolve to {@link AuthorityType#USER}, it must pass
 * {@code tenantService.checkDomainUser}, and no person with that name may exist yet.
 * The supplied {@code properties} map is modified: the converted user name and a current
 * size of zero are put into it.
 *
 * @param properties the person properties; must contain a user name
 * @param zones      zones to add the new person to, or {@code null} for none
 * @return the node reference of the created person
 * @throws IllegalArgumentException if no user name is present in {@code properties}
 * @throws AlfrescoRuntimeException if the name is the system user, is not a user authority,
 *         or already belongs to an existing person
 */
public NodeRef createPerson(Map<QName, Serializable> properties, Set<String> zones)
{
    ParameterCheck.mandatory("properties", properties);

    final Serializable rawUserName = properties.get(ContentModel.PROP_USERNAME);
    final String userName = DefaultTypeConverter.INSTANCE.convert(String.class, rawUserName);
    if (userName == null)
    {
        throw new IllegalArgumentException("No username specified when creating the person.");
    }

    // The system user is a built-in authority without a profile; it cannot become a person.
    if (EqualsHelper.nullSafeEquals(userName, AuthenticationUtil.getSystemUserName()))
    {
        throw new AlfrescoRuntimeException("The built-in authority '" + AuthenticationUtil.getSystemUserName()  + "' is a user, but not a Person (i.e. it does not have a profile).");
    }

    if (AuthorityType.getAuthorityType(userName) != AuthorityType.USER)
    {
        throw new AlfrescoRuntimeException("Attempt to create person for an authority which is not a user");
    }

    tenantService.checkDomainUser(userName);

    if (personExists(userName))
    {
        throw new AlfrescoRuntimeException("Person '" + userName + "' already exists.");
    }

    properties.put(ContentModel.PROP_USERNAME, userName);
    properties.put(ContentModel.PROP_SIZE_CURRENT, Long.valueOf(0L));

    NodeRef createdPerson = null;
    try
    {
        // The validation behaviour is switched off only for the duration of the node creation
        // and is always switched back on.
        beforeCreateNodeValidationBehaviour.disable();

        createdPerson = nodeService.createNode(
                getPeopleContainer(),
                ContentModel.ASSOC_CHILDREN,
                getChildNameLower(userName), // child association name is the lower-cased form
                ContentModel.TYPE_PERSON,
                properties).getChildRef();
    }
    finally
    {
        beforeCreateNodeValidationBehaviour.enable();
    }

    checkIfPersonShouldBeDisabledAndSetAspect(createdPerson, properties);

    if (zones != null)
    {
        for (String zoneName : zones)
        {
            // Add the person to an authentication zone (corresponding to an external user registry).
            // Unlike the people-container association, case is preserved on this one.
            nodeService.addChild(authorityService.getOrCreateZone(zoneName), createdPerson, ContentModel.ASSOC_IN_ZONE, QName.createQName(NamespaceService.CONTENT_MODEL_PREFIX, userName, namespacePrefixResolver));
        }
    }

    removeFromCache(userName, false);

    publishEvent("user.create", this.nodeService.getProperties(createdPerson));

    return createdPerson;
}
 
Example 17
Source File: SiteServiceImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 4 votes vote down vote up
/**
 * Removes {@code authorityName} from the site role group it currently belongs to.
 * <p>
 * The removal is authorised when any one of these holds: the fully authenticated user is the
 * authority being removed, {@code isSiteAdmin} accepts the current user, or the permission
 * service reports {@code CHANGE_PERMISSIONS} as allowed on the site node. Only after that
 * check passes is the group change performed, and it is performed as the system user.
 * Both the "not a member" case and the "not authorised" case raise the same
 * {@code MSG_CAN_NOT_REMOVE_MSHIP} exception.
 *
 * @param shortName     the site short name
 * @param authorityName the user or group to remove from the site
 * @throws SiteDoesNotExistException if no site node is found for {@code shortName}
 * @throws SiteServiceException if the authority has no role on the site or the caller is
 *         not authorised to remove it
 * @see org.alfresco.service.cmr.site.SiteService#removeMembership(java.lang.String, java.lang.String)
 */
public void removeMembership(final String shortName, final String authorityName)
{
    final NodeRef siteNodeRef = getSiteNodeRef(shortName);
    if (siteNodeRef == null)
    {
       throw new SiteDoesNotExistException(shortName);
    }

    // TODO what do we do about the user if they are in a group that has
    // rights to the site?

    // Get the current user
    // NOTE(review): the value is dereferenced below without a null check - confirm that
    // this method is only reachable with a fully authenticated user.
    String currentUserName = AuthenticationUtil.getFullyAuthenticatedUser();

    // Get the user current role
    final String role = getMembersRole(shortName, authorityName);
    if (role != null)
    {
        // Check that we are not about to remove the last site manager.
        // This runs before the authorisation check below.
        checkLastManagerRemoval(shortName, authorityName, role);
        
        // Authorisation gate. Proceed if ...
        // -- the user is ourselves
        // or
        // -- the current user is accepted by isSiteAdmin
        // or
        // -- the current user has change permissions rights on the site
        if ((currentUserName.equals(authorityName) == true) || isSiteAdmin(currentUserName) ||
            (permissionService.hasPermission(siteNodeRef, PermissionService.CHANGE_PERMISSIONS) == AccessStatus.ALLOWED))
        {
            // Run as system user: the group change is made with system privileges, so the
            // condition above is the only access control applied to it in this method.
            AuthenticationUtil.runAs(
                new AuthenticationUtil.RunAsWork<Object>()
                {
                    public Object doWork() throws Exception
                    {
                        // Remove the user from the current permission
                        // group
                        String currentGroup = getSiteRoleGroup(shortName, role, true);
                        authorityService.removeAuthority(currentGroup, authorityName);
                        
                        return null;
                    }
                }, AuthenticationUtil.SYSTEM_USER_NAME);

            // Raise events: one activity for a removed user, another for a removed group.
            // Other authority types raise no activity.
            AuthorityType authorityType = AuthorityType.getAuthorityType(authorityName);
            if (authorityType == AuthorityType.USER)
            {
                activityService.postActivity(
                        ActivityType.SITE_USER_REMOVED, shortName,
                        ACTIVITY_TOOL, getActivityUserData(authorityName, ""), authorityName);
            }
            else if (authorityType == AuthorityType.GROUP)
            {
                String authorityDisplayName = authorityService.getAuthorityDisplayName(authorityName);
                activityService.postActivity(
                        ActivityType.SITE_GROUP_REMOVED, shortName,
                        ACTIVITY_TOOL, getActivityGroupData(authorityDisplayName, ""));
            }
        }
        else
        {
            // Not authorised: throw an exception
            throw new SiteServiceException(MSG_CAN_NOT_REMOVE_MSHIP, new Object[]{shortName});
        }
    } 
    else
    {
        // The authority has no role on this site: throw an exception
        throw new SiteServiceException(MSG_CAN_NOT_REMOVE_MSHIP, new Object[]{shortName});
    }
}
 
Example 18
Source File: SiteServiceImpl.java    From alfresco-repository with GNU Lesser General Public License v3.0 4 votes vote down vote up
/**
 * Gives {@code authorityName} the role {@code role} on a site, replacing any role it
 * currently holds.
 * <p>
 * Nothing happens when the authority already has exactly this role. Otherwise the change is
 * allowed only if {@code canAddMember} returns {@code true}; the group changes themselves are
 * then performed as the system user. An activity is posted for user and group authorities.
 *
 * @param shortName     the site short name
 * @param authorityName the user or group whose membership is set
 * @param role          the role to assign
 * @throws SiteDoesNotExistException if no site node is found for {@code shortName}
 * @throws SiteServiceException with {@code MSG_CAN_NOT_CHANGE_MSHIP} if {@code canAddMember}
 *         rejects the change
 * @see org.alfresco.service.cmr.site.SiteService#setMembership(java.lang.String,
 *      java.lang.String, java.lang.String)
 */
public void setMembership(final String shortName, 
                          final String authorityName,
                          final String role)
{
    final NodeRef siteNodeRef = getSiteNodeRef(shortName);
    if (siteNodeRef == null)
    {
       throw new SiteDoesNotExistException(shortName);
    }

    // Get the user's current role
    final String currentRole = getMembersRole(shortName, authorityName);

    // Do nothing if the role of the user is not being changed
    // NOTE(review): role is dereferenced here when currentRole is non-null - confirm that
    // callers never pass a null role.
    if (currentRole == null || role.equals(currentRole) == false)
    {
        // TODO if this is the only site manager do not down grade their
        // permissions
        // Authorisation gate: canAddMember decides whether the caller may make this change.
        // NOTE(review): its rules are not visible here - verify them against its definition.
        if(canAddMember(shortName, authorityName, role))
        {
            // Check that we are not about to remove the last site manager
            checkLastManagerRemoval(shortName, authorityName, currentRole);
            
            // Run as system user: the group changes are made with system privileges, so the
            // canAddMember check above is the only access control applied to them here.
            AuthenticationUtil.runAs(new AuthenticationUtil.RunAsWork<Object>()
            {
                public Object doWork() throws Exception
                {
                    if (currentRole != null)
                    {
                        // Remove the user from the current
                        // permission group
                        String currentGroup = getSiteRoleGroup(shortName, currentRole, true);
                        authorityService.removeAuthority(currentGroup, authorityName);
                    }

                    // Add the user to the new permission group
                    String newGroup = getSiteRoleGroup(shortName, role, true);
                    authorityService.addAuthority(newGroup, authorityName);

                    return null;
                }

            }, AuthenticationUtil.SYSTEM_USER_NAME);

            // For groups the activity carries the display name; for everything else the
            // authority name itself is used.
            AuthorityType authorityType = AuthorityType.getAuthorityType(authorityName);
            String authorityDisplayName = authorityName;
            if (authorityType == AuthorityType.GROUP)
            {
                authorityDisplayName = authorityService.getAuthorityDisplayName(authorityName);
            }

            if (currentRole == null)
            {
                // No previous role: this is a new membership.
                if (authorityType == AuthorityType.USER)
                {
                    activityService.postActivity(
                            ActivityType.SITE_USER_JOINED, shortName,
                            ACTIVITY_TOOL, getActivityUserData(authorityDisplayName, role), authorityName);
                } 
                else if (authorityType == AuthorityType.GROUP)
                { 
                    activityService.postActivity(
                            ActivityType.SITE_GROUP_ADDED, shortName,
                            ACTIVITY_TOOL, getActivityGroupData(authorityDisplayName, role));                   
                }
            }
            else
            {
                // A previous role existed: this is a role change.
                if (authorityType == AuthorityType.USER)
                {
                    activityService.postActivity(
                            ActivityType.SITE_USER_ROLE_UPDATE, shortName,
                            ACTIVITY_TOOL, getActivityUserData(authorityDisplayName, role));
                } 
                else if (authorityType == AuthorityType.GROUP)
                {
                    activityService.postActivity(
                            ActivityType.SITE_GROUP_ROLE_UPDATE, shortName,
                            ACTIVITY_TOOL, getActivityGroupData(authorityDisplayName, role));
                }
            }
        } 
        else
        {
            // Raise a permission exception
            throw new SiteServiceException(MSG_CAN_NOT_CHANGE_MSHIP, new Object[]{shortName});
        }
    }
}