inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged V2.2 to HEAD

Browse Source 
7575: Permission changes for AVM.
   7577: Incorporated most of the feedback provided by Kevin C earlier today
   7578: Removed directory not removed by patch
   7579: EmailServer bug fixes
         AR-1902:  Double posts when emailing to a document
         AR-1904:  Attachments via email should be allowed on forum posts
         AR-1903:  (Partial Fix) Text attachments should be treated the same way as other attachments 
   7583: Fixed WCM-961 & WCM-962: Added confirm dialog for 'Delete All Deployment Reports' and 'Release Server' actions


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@8434 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Derek Hulley
2008-03-06 14:43:55 +00:00
parent a9fac10b45
commit a49bfd311d
89 changed files with 21301 additions and 11139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

942
source/java/org/alfresco/repo/domain/hibernate/AVMAccessControlListDAO.java
View File

@@ -1,103 +1,839 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing" */
package org.alfresco.repo.domain.hibernate;
import org.alfresco.repo.avm.AVMNodeConverter;
import org.alfresco.repo.avm.AVMRepository;
import org.alfresco.repo.domain.AccessControlListDAO;
import org.alfresco.repo.domain.DbAccessControlList;
import org.alfresco.service.cmr.avm.AVMException;
import org.alfresco.service.cmr.repository.InvalidNodeRefException;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.util.Pair;
/**
* The AVM implementation for getting and setting ACLs.
* @author britt
*/
public class AVMAccessControlListDAO implements AccessControlListDAO
{
/**
* Reference to the AVM Repository instance.
*/
private AVMRepository fAVMRepository;
/**
* Default constructory.
*/
public AVMAccessControlListDAO()
{
}
public void setAvmRepository(AVMRepository repository)
{
fAVMRepository = repository;
}
/**
* Get the ACL from a node.
* @param nodeRef The reference to the node.
* @return The ACL.
* @throws InvalidNodeRefException
*/
public DbAccessControlList getAccessControlList(NodeRef nodeRef)
{
Pair<Integer, String> avmVersionPath = AVMNodeConverter.ToAVMVersionPath(nodeRef);
int version = avmVersionPath.getFirst();
String path = avmVersionPath.getSecond();
try
{
return fAVMRepository.getACL(version, path);
}
catch (AVMException e)
{
throw new InvalidNodeRefException(nodeRef);
}
}
/**
* Set the ACL on a node.
* @param nodeRef The reference to the node.
* @param acl The ACL.
* @throws InvalidNodeRefException
*/
public void setAccessControlList(NodeRef nodeRef, DbAccessControlList acl)
{
Pair<Integer, String> avmVersionPath = AVMNodeConverter.ToAVMVersionPath(nodeRef);
int version = avmVersionPath.getFirst();
if (version >= 0)
{
throw new InvalidNodeRefException("Read Only Node.", nodeRef);
}
String path = avmVersionPath.getSecond();
try
{
fAVMRepository.setACL(path, acl);
}
catch (AVMException e)
{
throw new InvalidNodeRefException(nodeRef);
}
}
}
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing" */
package org.alfresco.repo.domain.hibernate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.repo.avm.AVMNodeConverter;
import org.alfresco.repo.avm.AVMRepository;
import org.alfresco.repo.domain.AccessControlListDAO;
import org.alfresco.repo.domain.DbAccessControlList;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.security.permissions.ACLType;
import org.alfresco.repo.security.permissions.AccessControlEntry;
import org.alfresco.repo.security.permissions.AccessControlList;
import org.alfresco.repo.security.permissions.SimpleAccessControlListProperties;
import org.alfresco.repo.security.permissions.impl.AclChange;
import org.alfresco.repo.security.permissions.impl.AclDaoComponent;
import org.alfresco.service.cmr.avm.AVMException;
import org.alfresco.service.cmr.avm.AVMNodeDescriptor;
import org.alfresco.service.cmr.avm.AVMService;
import org.alfresco.service.cmr.avm.AVMStoreDescriptor;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.InvalidNodeRefException;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.util.Pair;
/**
* The AVM implementation for getting and setting ACLs.
*
* @author britt
*/
public class AVMAccessControlListDAO implements AccessControlListDAO
{
/**
* Reference to the AVM Repository instance.
*/
private AVMRepository fAVMRepository;
private AVMService fAVMService;
private AclDaoComponent aclDaoComponent;
/**
* Default constructory.
*/
public AVMAccessControlListDAO()
{
}
public void setAvmRepository(AVMRepository repository)
{
fAVMRepository = repository;
}
public void setAvmService(AVMService avmService)
{
fAVMService = avmService;
}
public void setAclDaoComponent(AclDaoComponent aclDaoComponent)
{
this.aclDaoComponent = aclDaoComponent;
}
public Long getIndirectAcl(NodeRef nodeRef)
{
Pair<Integer, String> avmVersionPath = AVMNodeConverter.ToAVMVersionPath(nodeRef);
int version = avmVersionPath.getFirst();
if (version >= 0)
{
throw new InvalidNodeRefException("Read Only Node.", nodeRef);
}
String path = avmVersionPath.getSecond();
try
{
AVMNodeDescriptor descriptor = fAVMService.lookup(version, path);
if (descriptor == null)
{
return null;
}
if (descriptor.isPrimary())
{
DbAccessControlList acl = getAclAsSystem(descriptor.getIndirectionVersion(), descriptor.getIndirection());
if (acl == null)
{
return null;
}
else
{
return acl.getId();
}
}
else
{
DbAccessControlList acl = getAclAsSystem(version, path);
if (acl == null)
{
return null;
}
else
{
return acl.getId();
}
}
}
catch (AVMException e)
{
throw new InvalidNodeRefException(nodeRef);
}
}
public Long getInheritedAcl(NodeRef nodeRef)
{
// TODO OK, for now we'll simply return the single parent that corresponds
// to the path stuffed in the NodeRef.
Pair<Integer, String> avmVersionPath = AVMNodeConverter.ToAVMVersionPath(nodeRef);
String path = avmVersionPath.getSecond();
List<ChildAssociationRef> result = new ArrayList<ChildAssociationRef>();
String[] splitPath = AVMNodeConverter.SplitBase(path);
if (splitPath[0] == null)
{
return null;
}
DbAccessControlList acl = getAclAsSystem(avmVersionPath.getFirst(), splitPath[0]);
if (acl == null)
{
return null;
}
else
{
return acl.getId();
}
}
/**
* Get the ACL from a node.
*
* @param nodeRef
* The reference to the node.
* @return The ACL.
* @throws InvalidNodeRefException
*/
public DbAccessControlList getAccessControlList(NodeRef nodeRef)
{
Pair<Integer, String> avmVersionPath = AVMNodeConverter.ToAVMVersionPath(nodeRef);
int version = avmVersionPath.getFirst();
String path = avmVersionPath.getSecond();
try
{
return getAclAsSystem(version, path);
}
catch (AVMException e)
{
throw new InvalidNodeRefException(nodeRef);
}
}
/**
* Set the ACL on a node.
*
* @param nodeRef
* The reference to the node.
* @param acl
* The ACL.
* @throws InvalidNodeRefException
*/
public void setAccessControlList(NodeRef nodeRef, DbAccessControlList acl)
{
Pair<Integer, String> avmVersionPath = AVMNodeConverter.ToAVMVersionPath(nodeRef);
int version = avmVersionPath.getFirst();
if (version >= 0)
{
throw new InvalidNodeRefException("Read Only Node.", nodeRef);
}
String path = avmVersionPath.getSecond();
try
{
setAclAsSystem(path, acl);
}
catch (AVMException e)
{
throw new InvalidNodeRefException(nodeRef);
}
}
public void updateChangedAcls(NodeRef startingPoint, List<AclChange> changes)
{
Long after = null;
for (AclChange change : changes)
{
if (change.getBefore() == null)
{
after = change.getAfter();
}
else if (change.getTypeBefore() != change.getTypeAfter())
{
after = change.getAfter();
}
}
Long inherited = null;
if (after != null)
{
inherited = aclDaoComponent.getInheritedAccessControlList(after);
}
updateChangedAclsImpl(startingPoint, changes, SetMode.ALL, inherited, after);
}
private void updateChangedAclsImpl(NodeRef startingPoint, List<AclChange> changes, SetMode mode, Long inherited, Long setAcl)
{
HashMap<Long, Long> changeMap = new HashMap<Long, Long>();
HashSet<Long> unchangedSet = new HashSet<Long>();
for (AclChange change : changes)
{
if (change.getBefore() == null)
{
// null is treated using the inherited acl
}
else if (!change.getBefore().equals(change.getAfter()))
{
changeMap.put(change.getBefore(), change.getAfter());
}
else
{
unchangedSet.add(change.getBefore());
}
}
unchangedSet.add(inherited);
unchangedSet.add(setAcl);
if (inherited != null)
{
updateReferencingLayeredAcls(startingPoint, inherited);
}
updateInheritedChangedAcls(startingPoint, changeMap, unchangedSet, inherited, mode);
updateLayeredAclsChangedByInheritance(changes, changeMap, unchangedSet);
}
public void forceCopy(NodeRef nodeRef)
{
Pair<Integer, String> avmVersionPath = AVMNodeConverter.ToAVMVersionPath(nodeRef);
int version = avmVersionPath.getFirst();
if (version >= 0)
{
throw new InvalidNodeRefException("Read Only Node.", nodeRef);
}
String path = avmVersionPath.getSecond();
try
{
fAVMRepository.forceCopy(path);
}
catch (AVMException e)
{
throw new InvalidNodeRefException(nodeRef);
}
}
private void updateReferencingLayeredAcls(NodeRef node, Long inherited)
{
Pair<Integer, String> avmVersionPath = AVMNodeConverter.ToAVMVersionPath(node);
int version = avmVersionPath.getFirst();
if (version >= 0)
{
throw new InvalidNodeRefException("Read Only Node.", node);
}
String path = avmVersionPath.getSecond();
try
{
AVMNodeDescriptor descriptor = fAVMService.lookup(version, path);
if (descriptor == null)
{
return;
}
else
{
List<Pair<Integer, String>> paths = fAVMService.getHeadPaths(descriptor);
for (Pair<Integer, String> current : paths)
{
List<Long> avmNodeIds = aclDaoComponent.getAvmNodesByIndirection(current.getSecond());
for (Long id : avmNodeIds)
{
// need to fix up inheritance as is has changed
AVMNodeDescriptor layerDesc = new AVMNodeDescriptor(null, null, 0, null, null, null, 0, 0, 0, id, null, 0, null, 0, false, 0, false, 0, 0);
List<Pair<Integer, String>> layerPaths = fAVMRepository.getHeadPaths(layerDesc);
// Update all locations with the updated ACL
for (Pair<Integer, String> layerPath : layerPaths)
{
AVMNodeDescriptor test = fAVMService.lookup(-1, layerPath.getSecond());
if (test.isPrimary())
{
DbAccessControlList target = getAclAsSystem(-1, layerPath.getSecond());
if (target != null)
{
if (target.getAclType() == ACLType.LAYERED)
{
fAVMService.forceCopy(layerPath.getSecond());
List<AclChange> layeredChanges = aclDaoComponent.mergeInheritedAccessControlList(inherited, target.getId());
NodeRef layeredNode = AVMNodeConverter.ToNodeRef(-1, layerPath.getSecond());
for (AclChange change : layeredChanges)
{
if (change.getBefore().equals(target.getId()))
{
Long newInherited = null;
if (change.getAfter() != null)
{
newInherited = aclDaoComponent.getInheritedAccessControlList(change.getAfter());
}
updateChangedAclsImpl(layeredNode, layeredChanges, SetMode.DIRECT_ONLY, newInherited, change.getAfter());
break;
}
}
}
}
}
}
}
}
}
}
catch (AVMException e)
{
throw new InvalidNodeRefException(node);
}
}
private void updateLayeredAclsChangedByInheritance(List<AclChange> changes, HashMap<Long, Long> changeMap, Set<Long> unchanged)
{
for (AclChange change : changes)
{
if ((change.getTypeBefore() == ACLType.LAYERED) && (change.getTypeAfter() == ACLType.LAYERED))
{
// Query for affected nodes
List<Long> avmNodeIds = aclDaoComponent.getAvmNodesByACL(change.getBefore());
for (Long id : avmNodeIds)
{
// Find all paths to the nodes
AVMNodeDescriptor desc = new AVMNodeDescriptor(null, null, 0, null, null, null, 0, 0, 0, id, null, 0, null, 0, false, 0, false, 0, 0);
List<Pair<Integer, String>> paths = fAVMRepository.getHeadPaths(desc);
// Update all locations with the updated ACL
for (Pair<Integer, String> path : paths)
{
// No need to force COW - any inherited ACL will have COWED if the top ACL required it
setAclAsSystem(path.getSecond(), aclDaoComponent.getDbAccessControlList(change.getAfter()));
NodeRef layeredNode = AVMNodeConverter.ToNodeRef(-1, path.getSecond());
updateInheritedChangedAcls(layeredNode, changeMap, unchanged, aclDaoComponent.getInheritedAccessControlList(change.getAfter()), SetMode.DIRECT_ONLY);
}
}
}
}
}
private void updateInheritedChangedAcls(NodeRef startingPoint, HashMap<Long, Long> changeMap, Set<Long> unchanged, Long unsetAcl, SetMode mode)
{
// Walk children and fix up any that reference the given list ..
Pair<Integer, String> avmVersionPath = AVMNodeConverter.ToAVMVersionPath(startingPoint);
int version = avmVersionPath.getFirst();
if (version >= 0)
{
throw new InvalidNodeRefException("Read Only Node.", startingPoint);
}
String path = avmVersionPath.getSecond();
try
{
AVMNodeDescriptor descriptor = fAVMService.lookup(version, path);
if (descriptor == null)
{
return;
}
else
{
if (descriptor.isLayeredDirectory())
{
setInheritanceForDirectChildren(descriptor, changeMap, aclDaoComponent.getInheritedAccessControlList(getAclAsSystem(-1, descriptor.getPath()).getId()));
}
fixUpAcls(descriptor, changeMap, unchanged, unsetAcl, mode);
}
}
catch (AVMException e)
{
throw new InvalidNodeRefException(startingPoint);
}
}
private void fixUpAcls(AVMNodeDescriptor descriptor, Map<Long, Long> changes, Set<Long> unchanged, Long unsetAcl, SetMode mode)
{
DbAccessControlList acl = getAclAsSystem(-1, descriptor.getPath());
Long id = null;
if (acl != null)
{
id = acl.getId();
}
if (id == null)
{
// No need to force COW - ACL should have COWed if required
setAclAsSystem(descriptor.getPath(), aclDaoComponent.getDbAccessControlList(unsetAcl));
NodeRef nodeRef = AVMNodeConverter.ToNodeRef(-1, descriptor.getPath());
updateReferencingLayeredAcls(nodeRef, unsetAcl);
}
else if (changes.containsKey(id))
{
Long updateId = changes.get(id);
if (updateId != id)
{
DbAccessControlList newAcl = aclDaoComponent.getDbAccessControlList(updateId);
// No need to force COW - ACL should have COWed if required
setAclAsSystem(descriptor.getPath(), newAcl);
}
}
else if (unchanged.contains(id))
{
// carry on
}
else
{
// Not in the list
return;
}
if (descriptor.isDirectory())
{
Map<String, AVMNodeDescriptor> children;
switch (mode)
{
case ALL:
children = fAVMService.getDirectoryListing(descriptor, false);
break;
case DIRECT_ONLY:
children = fAVMService.getDirectoryListingDirect(descriptor, false);
break;
default:
throw new IllegalStateException();
}
for (AVMNodeDescriptor child : children.values())
{
fixUpAcls(child, changes, unchanged, unsetAcl, mode);
}
}
}
private void setInheritanceForDirectChildren(AVMNodeDescriptor descriptor, Map<Long, Long> changeMap, Long mergeFrom)
{
List<AclChange> changes = new ArrayList<AclChange>();
setFixedAcls(descriptor, mergeFrom, changes, SetMode.DIRECT_ONLY, false);
for (AclChange change : changes)
{
if (!change.getBefore().equals(change.getAfter()))
{
changeMap.put(change.getBefore(), change.getAfter());
}
}
}
public List<AclChange> setInheritanceForChildren(NodeRef parent, Long mergeFrom)
{
// Walk children and fix up any that reference the given list ..
// If previous is null we need to visit all descendants with a null acl and set
Pair<Integer, String> avmVersionPath = AVMNodeConverter.ToAVMVersionPath(parent);
int version = avmVersionPath.getFirst();
if (version >= 0)
{
throw new InvalidNodeRefException("Read Only Node.", parent);
}
String path = avmVersionPath.getSecond();
try
{
List<AclChange> changes = new ArrayList<AclChange>();
AVMNodeDescriptor descriptor = fAVMService.lookup(version, path);
setFixedAcls(descriptor, mergeFrom, changes, SetMode.ALL, false);
return changes;
}
catch (AVMException e)
{
throw new InvalidNodeRefException(parent);
}
}
public void setFixedAcls(AVMNodeDescriptor descriptor, Long mergeFrom, List<AclChange> changes, SetMode mode, boolean set)
{
if (descriptor == null)
{
return;
}
else
{
if (set)
{
// Simple set does not require any special COW wire up
// The AVM node will COW as required
DbAccessControlList previous = getAclAsSystem(-1, descriptor.getPath());
setAclAsSystem(descriptor.getPath(), aclDaoComponent.getDbAccessControlList(mergeFrom));
if (previous == null)
{
NodeRef nodeRef = AVMNodeConverter.ToNodeRef(-1, descriptor.getPath());
updateReferencingLayeredAcls(nodeRef, mergeFrom);
}
}
if (descriptor.isDirectory())
{
Map<String, AVMNodeDescriptor> children;
switch (mode)
{
case ALL:
children = fAVMService.getDirectoryListing(descriptor, false);
break;
case DIRECT_ONLY:
children = fAVMService.getDirectoryListingDirect(descriptor, false);
break;
default:
throw new IllegalStateException();
}
for (String key : children.keySet())
{
AVMNodeDescriptor child = children.get(key);
DbAccessControlList acl = getAclAsSystem(-1, child.getPath());
if (acl == null)
{
setFixedAcls(child, mergeFrom, changes, mode, true);
}
else if (acl.getAclType() == ACLType.LAYERED)
{
// nothing to do
}
else if (acl.getAclType() == ACLType.DEFINING)
{
// Can require copy on right to be triggered for ACLS
// So we force a copy on write (which marks ACLS and below to copy if required)
fAVMService.forceCopy(child.getPath());
List<AclChange> newChanges = aclDaoComponent.mergeInheritedAccessControlList(mergeFrom, acl.getId());
for (AclChange change : newChanges)
{
if (change.getBefore().equals(acl.getId()))
{
setAclAsSystem(child.getPath(), aclDaoComponent.getDbAccessControlList(change.getAfter()));
setFixedAcls(child, aclDaoComponent.getInheritedAccessControlList(change.getAfter()), newChanges, SetMode.DIRECT_ONLY, false);
changes.addAll(newChanges);
break;
}
}
}
else
{
setFixedAcls(child, mergeFrom, changes, mode, true);
}
}
}
}
}
private enum SetMode
{
ALL, DIRECT_ONLY;
}
public Map<ACLType, Integer> patchAcls()
{
CounterSet result = new CounterSet();
List<AVMStoreDescriptor> stores = fAVMService.getStores();
for (AVMStoreDescriptor store : stores)
{
AVMNodeDescriptor root = fAVMService.getStoreRoot(-1, store.getName());
CounterSet update = fixOldAvmAcls(root);
result.add(update);
}
HashMap<ACLType, Integer> toReturn = new HashMap<ACLType, Integer>();
toReturn.put(ACLType.DEFINING, Integer.valueOf(result.get(ACLType.DEFINING).getCounter()));
toReturn.put(ACLType.FIXED, Integer.valueOf(result.get(ACLType.FIXED).getCounter()));
toReturn.put(ACLType.GLOBAL, Integer.valueOf(result.get(ACLType.GLOBAL).getCounter()));
toReturn.put(ACLType.LAYERED, Integer.valueOf(result.get(ACLType.LAYERED).getCounter()));
toReturn.put(ACLType.OLD, Integer.valueOf(result.get(ACLType.OLD).getCounter()));
toReturn.put(ACLType.SHARED, Integer.valueOf(result.get(ACLType.SHARED).getCounter()));
return toReturn;
}
private CounterSet fixOldAvmAcls(AVMNodeDescriptor node)
{
CounterSet result = new CounterSet();
// Do the children first
if (node.isDirectory())
{
Map<String, AVMNodeDescriptor> children = fAVMRepository.getListingDirect(node, true);
for (AVMNodeDescriptor child : children.values())
{
CounterSet update = fixOldAvmAcls(child);
result.add(update);
}
}
DbAccessControlList existingAcl = getAclAsSystem(-1, node.getPath());
if (existingAcl != null)
{
if (existingAcl.getAclType() == ACLType.OLD)
{
result.increment(ACLType.DEFINING);
//
SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
properties.setAclType(ACLType.DEFINING);
// Accept default versioning
Long id = aclDaoComponent.createAccessControlList(properties);
DbAccessControlList newAcl = aclDaoComponent.getDbAccessControlList(id);
AccessControlList existing = aclDaoComponent.getAccessControlList(existingAcl.getId());
for (AccessControlEntry entry : existing.getEntries())
{
if (entry.getPosition() == 0)
{
aclDaoComponent.setAccessControlEntry(id, entry);
}
}
setAclAsSystem(node.getPath(), newAcl);
// Cascade to children - changes should all be 1-1 so we do not have to post fix
List<AclChange> changes = new ArrayList<AclChange>();
setFixedAcls(node, aclDaoComponent.getInheritedAccessControlList(id), changes, SetMode.DIRECT_ONLY, false);
for (AclChange change : changes)
{
if (!change.getBefore().equals(change.getAfter()))
{
throw new IllegalStateException("ACL fix should not change the acl ids - unexpected COW!");
}
}
}
else
{
throw new IllegalStateException();
}
}
else if (node.isLayeredDirectory())
{
result.increment(ACLType.LAYERED);
// create layered permission entry
if (node.getIndirection() != null)
{
AVMNodeDescriptor referencedNode = fAVMService.lookup(-1, node.getIndirection(), false);
if ((referencedNode != null) && (referencedNode.isDirectory()))
{
DbAccessControlList acl = getAclAsSystem(-1, referencedNode.getPath());
if (acl != null)
{
setAclAsSystem(node.getPath(), DbAccessControlListImpl.createLayeredAcl(acl.getId()));
}
else
{
setAclAsSystem(node.getPath(), DbAccessControlListImpl.createLayeredAcl(null));
}
}
else
{
setAclAsSystem(node.getPath(), DbAccessControlListImpl.createLayeredAcl(null));
}
}
else
{
setAclAsSystem(node.getPath(), DbAccessControlListImpl.createLayeredAcl(null));
}
List<AclChange> changes = new ArrayList<AclChange>();
setFixedAcls(node, aclDaoComponent.getInheritedAccessControlList(getAclAsSystem(-1, node.getPath()).getId()), changes, SetMode.DIRECT_ONLY, false);
for (AclChange change : changes)
{
if (!change.getBefore().equals(change.getAfter()))
{
throw new IllegalStateException("ACL fix should not change the acl ids - unexpected COW!");
}
}
}
else if (node.isLayeredFile())
{
result.increment(ACLType.LAYERED);
if (node.getIndirection() != null)
{
AVMNodeDescriptor referencedNode = fAVMService.lookup(-1, node.getIndirection(), false);
if (referencedNode != null)
{
DbAccessControlList acl = getAclAsSystem(-1, referencedNode.getPath());
if (acl != null)
{
setAclAsSystem(node.getPath(), DbAccessControlListImpl.createLayeredAcl(acl.getId()));
}
else
{
setAclAsSystem(node.getPath(), DbAccessControlListImpl.createLayeredAcl(null));
}
}
else
{
setAclAsSystem(node.getPath(), DbAccessControlListImpl.createLayeredAcl(null));
}
}
else
{
setAclAsSystem(node.getPath(), DbAccessControlListImpl.createLayeredAcl(null));
}
List<AclChange> changes = new ArrayList<AclChange>();
setFixedAcls(node, aclDaoComponent.getInheritedAccessControlList(getAclAsSystem(-1, node.getPath()).getId()), changes, SetMode.DIRECT_ONLY, false);
for (AclChange change : changes)
{
if (!change.getBefore().equals(change.getAfter()))
{
throw new IllegalStateException("ACL fix should not change the acl ids - unexpected COW!");
}
}
}
return result;
}
private class CounterSet extends HashMap<ACLType, Counter>
{
CounterSet()
{
super();
this.put(ACLType.DEFINING, new Counter());
this.put(ACLType.FIXED, new Counter());
this.put(ACLType.GLOBAL, new Counter());
this.put(ACLType.LAYERED, new Counter());
this.put(ACLType.OLD, new Counter());
this.put(ACLType.SHARED, new Counter());
}
void add(ACLType type, Counter c)
{
Counter counter = get(type);
counter.add(c.getCounter());
}
void increment(ACLType type)
{
Counter counter = get(type);
counter.increment();
}
void add(CounterSet other)
{
add(ACLType.DEFINING, other.get(ACLType.DEFINING));
add(ACLType.FIXED, other.get(ACLType.FIXED));
add(ACLType.GLOBAL, other.get(ACLType.GLOBAL));
add(ACLType.LAYERED, other.get(ACLType.LAYERED));
add(ACLType.OLD, other.get(ACLType.OLD));
add(ACLType.SHARED, other.get(ACLType.SHARED));
}
}
private class Counter
{
int counter;
void increment()
{
counter++;
}
int getCounter()
{
return counter;
}
void add(int i)
{
counter += i;
}
}
private DbAccessControlList getAclAsSystem(final int version, final String path)
{
return AuthenticationUtil.runAs(new RunAsWork<DbAccessControlList>(){
public DbAccessControlList doWork() throws Exception
{
return fAVMRepository.getACL(version, path);
}}, AuthenticationUtil.getSystemUserName());
}
private void setAclAsSystem(final String path, final DbAccessControlList acl)
{
AuthenticationUtil.runAs(new RunAsWork<Object>(){
public Object doWork() throws Exception
{
fAVMRepository.setACL(path, acl);
return null;
}}, AuthenticationUtil.getSystemUserName());
}
}

494
source/java/org/alfresco/repo/domain/hibernate/AbstractPermissionsDaoComponentImpl.java Normal file
View File

@@ -0,0 +1,494 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.repo.domain.hibernate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.repo.domain.AccessControlListDAO;
import org.alfresco.repo.domain.DbAccessControlList;
import org.alfresco.repo.security.permissions.ACEType;
import org.alfresco.repo.security.permissions.AccessControlEntry;
import org.alfresco.repo.security.permissions.AccessControlList;
import org.alfresco.repo.security.permissions.NodePermissionEntry;
import org.alfresco.repo.security.permissions.PermissionEntry;
import org.alfresco.repo.security.permissions.PermissionReference;
import org.alfresco.repo.security.permissions.SimpleAccessControlEntry;
import org.alfresco.repo.security.permissions.impl.AclChange;
import org.alfresco.repo.security.permissions.impl.AclDaoComponent;
import org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent;
import org.alfresco.repo.security.permissions.impl.SimpleNodePermissionEntry;
import org.alfresco.repo.security.permissions.impl.SimplePermissionEntry;
import org.alfresco.repo.transaction.TransactionalDao;
import org.alfresco.service.cmr.repository.InvalidNodeRefException;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.util.GUID;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
public abstract class AbstractPermissionsDaoComponentImpl implements PermissionsDaoComponent, TransactionalDao
{
private static Log logger = LogFactory.getLog(AbstractPermissionsDaoComponentImpl.class);
protected static final boolean INHERIT_PERMISSIONS_DEFAULT = true;
protected AclDaoComponent aclDaoComponent;
private Map<String, AccessControlListDAO> fProtocolToACLDAO;
private AccessControlListDAO fDefaultACLDAO;
/** a uuid identifying this unique instance */
private String uuid;
AbstractPermissionsDaoComponentImpl()
{
this.uuid = GUID.generate();
}
public AclDaoComponent getAclDaoComponent()
{
return aclDaoComponent;
}
public void setAclDaoComponent(AclDaoComponent aclDaoComponent)
{
this.aclDaoComponent = aclDaoComponent;
}
/**
* Checks equality by type and uuid
*/
public boolean equals(Object obj)
{
if (obj == null)
{
return false;
}
else if (!(obj instanceof AbstractPermissionsDaoComponentImpl))
{
return false;
}
AbstractPermissionsDaoComponentImpl that = (AbstractPermissionsDaoComponentImpl) obj;
return this.uuid.equals(that.uuid);
}
/**
* @see #uuid
*/
public int hashCode()
{
return uuid.hashCode();
}
/**
* Does this <tt>Session</tt> contain any changes which must be synchronized with the store?
*
* @return true => changes are pending
*/
public boolean isDirty()
{
return aclDaoComponent.isDirty();
}
/**
* Just flushes the session
*/
public void flush()
{
aclDaoComponent.flush();
}
/**
* NO-OP
*/
public void beforeCommit()
{
aclDaoComponent.beforeCommit();
}
public void setProtocolToACLDAO(Map<String, AccessControlListDAO> map)
{
fProtocolToACLDAO = map;
}
public void setDefaultACLDAO(AccessControlListDAO defaultACLDAO)
{
fDefaultACLDAO = defaultACLDAO;
}
/**
* Helper to choose appropriate NodeService for the given NodeRef
*
* @param nodeRef
* The NodeRef to dispatch from.
* @return The appropriate NodeService.
*/
protected AccessControlListDAO getACLDAO(NodeRef nodeRef)
{
AccessControlListDAO ret = fProtocolToACLDAO.get(nodeRef.getStoreRef().getProtocol());
if (ret == null)
{
return fDefaultACLDAO;
}
return ret;
}
protected DbAccessControlList getAccessControlList(NodeRef nodeRef)
{
DbAccessControlList acl = getACLDAO(nodeRef).getAccessControlList(nodeRef);
return acl;
}
protected CreationReport getMutableAccessControlList(NodeRef nodeRef)
{
DbAccessControlList acl = getACLDAO(nodeRef).getAccessControlList(nodeRef);
if (acl == null)
{
return createAccessControlList(nodeRef, INHERIT_PERMISSIONS_DEFAULT, null);
}
else
{
switch (acl.getAclType())
{
case FIXED:
case GLOBAL:
case SHARED:
case LAYERED:
// We can not set an ACL on node that has one of these types so we need to make a new one ....
return createAccessControlList(nodeRef, INHERIT_PERMISSIONS_DEFAULT, acl);
case DEFINING:
case OLD:
default:
// Force a copy on write if one is required
getACLDAO(nodeRef).forceCopy(nodeRef);
return new CreationReport(acl, Collections.<AclChange> emptyList());
}
}
}
public NodePermissionEntry getPermissions(NodeRef nodeRef)
{
// Create the object if it is not found.
// Null objects are not cached in hibernate
// If the object does not exist it will repeatedly query to check its
// non existence.
NodePermissionEntry npe = null;
DbAccessControlList acl = null;
try
{
acl = getAccessControlList(nodeRef);
}
catch (InvalidNodeRefException e)
{
// Do nothing.
}
if (acl == null)
{
// there isn't an access control list for the node - spoof a null one
SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(nodeRef, true, Collections.<SimplePermissionEntry> emptySet());
npe = snpe;
}
else
{
npe = createSimpleNodePermissionEntry(nodeRef);
}
// done
if (logger.isDebugEnabled())
{
logger.debug("Got NodePermissionEntry for node: \n" + " node: " + nodeRef + "\n" + " acl: " + npe);
}
return npe;
}
@SuppressWarnings("unchecked")
public Map<NodeRef, Set<AccessPermission>> getAllSetPermissions(final String authority)
{
throw new UnsupportedOperationException();
}
public Set<NodeRef> findNodeByPermission(final String authority, final PermissionReference permission, final boolean allow)
{
throw new UnsupportedOperationException();
}
// Utility methods to create simple detached objects for the outside world
// We do not pass out the hibernate objects
private SimpleNodePermissionEntry createSimpleNodePermissionEntry(NodeRef nodeRef)
{
DbAccessControlList acl = getACLDAO(nodeRef).getAccessControlList(nodeRef);
if (acl == null)
{
// there isn't an access control list for the node - spoof a null one
SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(nodeRef, true, Collections.<SimplePermissionEntry> emptySet());
return snpe;
}
else
{
AccessControlList info = aclDaoComponent.getAccessControlList(acl.getId());
HashSet<SimplePermissionEntry> spes = new HashSet<SimplePermissionEntry>(info.getEntries().size(), 1.0f);
for (AccessControlEntry entry : info.getEntries())
{
SimplePermissionEntry spe = new SimplePermissionEntry(nodeRef, entry.getPermission(), entry.getAuthority(), entry.getAccessStatus());
spes.add(spe);
}
SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(nodeRef, acl.getInherits(), spes);
return snpe;
}
}
public boolean getInheritParentPermissions(NodeRef nodeRef)
{
DbAccessControlList acl = null;
try
{
acl = getAccessControlList(nodeRef);
}
catch (InvalidNodeRefException e)
{
return INHERIT_PERMISSIONS_DEFAULT;
}
if (acl == null)
{
return INHERIT_PERMISSIONS_DEFAULT;
}
else
{
return aclDaoComponent.getAccessControlListProperties(acl.getId()).getInherits();
}
}
@SuppressWarnings("unchecked")
public void deletePermissions(String authority)
{
@SuppressWarnings("unused")
List<AclChange> changes = aclDaoComponent.deleteAccessControlEntries(authority);
// ignore changes - deleting an authority does not casue all acls to version
}
public void deletePermissions(NodeRef nodeRef, final String authority)
{
DbAccessControlList acl = null;
try
{
acl = getACLDAO(nodeRef).getAccessControlList(nodeRef);
}
catch (InvalidNodeRefException e)
{
return;
}
switch (acl.getAclType())
{
case FIXED:
case GLOBAL:
case SHARED:
throw new IllegalStateException("Can not delete from this acl in a node context " + acl.getAclType());
case DEFINING:
case LAYERED:
case OLD:
default:
CreationReport report = getMutableAccessControlList(nodeRef);
SimpleAccessControlEntry pattern = new SimpleAccessControlEntry();
pattern.setAuthority(authority);
List<AclChange> changes = aclDaoComponent.deleteAccessControlEntries(report.getCreated().getId(), pattern);
getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
break;
}
}
/**
* Deletes all permission entries (access control list entries) that match the given criteria. Note that the access
* control list for the node is not deleted.
*/
public void deletePermission(NodeRef nodeRef, String authority, PermissionReference permission)
{
DbAccessControlList acl = null;
try
{
acl = getACLDAO(nodeRef).getAccessControlList(nodeRef);
}
catch (InvalidNodeRefException e)
{
return;
}
switch (acl.getAclType())
{
case FIXED:
case GLOBAL:
case SHARED:
throw new IllegalStateException("Can not delete from this acl in a node context " + acl.getAclType());
case DEFINING:
case LAYERED:
case OLD:
default:
CreationReport report = getMutableAccessControlList(nodeRef);
SimpleAccessControlEntry pattern = new SimpleAccessControlEntry();
pattern.setAuthority(authority);
pattern.setPermission(permission);
List<AclChange> changes = aclDaoComponent.deleteAccessControlEntries(report.getCreated().getId(), pattern);
getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
break;
}
}
public void setPermission(NodeRef nodeRef, String authority, PermissionReference permission, boolean allow)
{
CreationReport report = null;
try
{
report = getMutableAccessControlList(nodeRef);
}
catch (InvalidNodeRefException e)
{
return;
}
if (report.getCreated() != null)
{
SimpleAccessControlEntry entry = new SimpleAccessControlEntry();
entry.setAuthority(authority);
entry.setPermission(permission);
entry.setAccessStatus(allow ? AccessStatus.ALLOWED : AccessStatus.DENIED);
entry.setAceType(ACEType.ALL);
List<AclChange> changes = aclDaoComponent.setAccessControlEntry(report.getCreated().getId(), entry);
List<AclChange> all = new ArrayList<AclChange>(changes.size() + report.getChanges().size());
all.addAll(report.getChanges());
all.addAll(changes);
getACLDAO(nodeRef).updateChangedAcls(nodeRef, all);
}
}
public void setPermission(PermissionEntry permissionEntry)
{
setPermission(permissionEntry.getNodeRef(), permissionEntry.getAuthority(), permissionEntry.getPermissionReference(), permissionEntry.isAllowed());
}
public void setPermission(NodePermissionEntry nodePermissionEntry)
{
NodeRef nodeRef = nodePermissionEntry.getNodeRef();
// Get the access control list
// Note the logic here requires to know whether it was created or not
DbAccessControlList existing = getAccessControlList(nodeRef);
if (existing != null)
{
deletePermissions(nodeRef);
}
// create the access control list
CreationReport report = createAccessControlList(nodeRef, nodePermissionEntry.inheritPermissions(), existing);
// add all entries
for (PermissionEntry pe : nodePermissionEntry.getPermissionEntries())
{
SimpleAccessControlEntry entry = new SimpleAccessControlEntry();
entry.setAuthority(pe.getAuthority());
entry.setPermission(pe.getPermissionReference());
entry.setAccessStatus(pe.isAllowed() ? AccessStatus.ALLOWED : AccessStatus.DENIED);
entry.setAceType(ACEType.ALL);
List<AclChange> changes = aclDaoComponent.setAccessControlEntry(report.getCreated().getId(), entry);
List<AclChange> all = new ArrayList<AclChange>(changes.size() + report.getChanges().size());
all.addAll(report.getChanges());
all.addAll(changes);
getACLDAO(nodeRef).updateChangedAcls(nodeRef, all);
}
}
public void setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions)
{
DbAccessControlList acl = getAccessControlList(nodeRef);
if ((acl == null) && (inheritParentPermissions == INHERIT_PERMISSIONS_DEFAULT))
{
return;
}
if ((acl != null) && (acl.getInherits() == inheritParentPermissions))
{
return;
}
CreationReport report = getMutableAccessControlList(nodeRef);
List<AclChange> changes;
if (!inheritParentPermissions)
{
changes = aclDaoComponent.disableInheritance(report.getCreated().getId(), false);
}
else
{
// TODO: Find inheritance
changes = aclDaoComponent.enableInheritance(report.getCreated().getId(), null);
}
List<AclChange> all = new ArrayList<AclChange>(changes.size() + report.getChanges().size());
all.addAll(report.getChanges());
all.addAll(changes);
getACLDAO(nodeRef).updateChangedAcls(nodeRef, all);
}
protected abstract CreationReport createAccessControlList(NodeRef nodeRef, boolean inherit, DbAccessControlList existing);
static class CreationReport
{
DbAccessControlList created;
List<AclChange> changes;
CreationReport(DbAccessControlList created, List<AclChange> changes)
{
this.created = created;
this.changes = changes;
}
public void setChanges(List<AclChange> changes)
{
this.changes = changes;
}
public void setCreated(DbAccessControlList created)
{
this.created = created;
}
public List<AclChange> getChanges()
{
return changes;
}
public DbAccessControlList getCreated()
{
return created;
}
}
}

1736
source/java/org/alfresco/repo/domain/hibernate/AclDaoComponentImpl.java Normal file
View File

File diff suppressed because it is too large Load Diff

163
source/java/org/alfresco/repo/domain/hibernate/DbAccessControlEntryContextImpl.java Normal file
View File

@@ -0,0 +1,163 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.repo.domain.hibernate;
import java.io.Serializable;
import org.alfresco.repo.domain.DbAccessControlEntryContext;
public class DbAccessControlEntryContextImpl implements DbAccessControlEntryContext, Serializable
{
/**
*
*/
private static final long serialVersionUID = -4479587461724827683L;
private String classContext;
private String kvpContext;
private String propertyContext;
private Long id;
private Long version;
@Override
public String toString()
{
StringBuilder sb = new StringBuilder(128);
sb.append("DbAccessControlEntryContextImpl").append("[ id=").append(id).append(", version=").append(version).append(", classContext=").append(classContext).append(
", kvpContext=").append(kvpContext).append(", propertyContext=").append(propertyContext);
return sb.toString();
}
@Override
public int hashCode()
{
final int PRIME = 31;
int result = 1;
result = PRIME * result + ((classContext == null) ? 0 : classContext.hashCode());
result = PRIME * result + ((kvpContext == null) ? 0 : kvpContext.hashCode());
result = PRIME * result + ((propertyContext == null) ? 0 : propertyContext.hashCode());
return result;
}
@Override
public boolean equals(Object obj)
{
if (this == obj)
return true;
if (obj == null)
return false;
if (getClass() != obj.getClass())
return false;
final DbAccessControlEntryContextImpl other = (DbAccessControlEntryContextImpl) obj;
if (classContext == null)
{
if (other.classContext != null)
return false;
}
else if (!classContext.equals(other.classContext))
return false;
if (kvpContext == null)
{
if (other.kvpContext != null)
return false;
}
else if (!kvpContext.equals(other.kvpContext))
return false;
if (propertyContext == null)
{
if (other.propertyContext != null)
return false;
}
else if (!propertyContext.equals(other.propertyContext))
return false;
return true;
}
public String getClassContext()
{
return classContext;
}
public Long getId()
{
return id;
}
public String getKvpContext()
{
return kvpContext;
}
public String getPropertyContext()
{
return propertyContext;
}
public Long getVersion()
{
return version;
}
public void setClassContext(String classContext)
{
this.classContext = classContext;
}
public void setKvpContext(String kvpContext)
{
this.kvpContext = kvpContext;
}
public void setPropertyContext(String propertyContext)
{
this.propertyContext = propertyContext;
}
/**
* For Hibernate use
*/
@SuppressWarnings("unused")
private void setId(Long id)
{
this.id = id;
}
/**
* For Hibernate use
*/
@SuppressWarnings("unused")
private void setVersion(Long version)
{
this.version = version;
}
}

166
source/java/org/alfresco/repo/domain/hibernate/DbAccessControlEntryImpl.java
View File

@@ -27,32 +27,41 @@ package org.alfresco.repo.domain.hibernate;
import java.io.Serializable;
import org.alfresco.repo.domain.DbAccessControlEntry;
import org.alfresco.repo.domain.DbAccessControlList;
import org.alfresco.repo.domain.DbAccessControlEntryContext;
import org.alfresco.repo.domain.DbAuthority;
import org.alfresco.repo.domain.DbPermission;
import org.alfresco.util.EqualsHelper;
import org.alfresco.repo.domain.DbPermissionKey;
import org.alfresco.repo.security.permissions.ACEType;
import org.alfresco.service.namespace.QName;
import org.hibernate.CallbackException;
import org.hibernate.Session;
/**
* Persisted permission entries
*
* @author andyh
*/
public class DbAccessControlEntryImpl extends LifecycleAdapter
implements DbAccessControlEntry, Serializable
public class DbAccessControlEntryImpl implements DbAccessControlEntry, Serializable
{
private static final long serialVersionUID = -418837862334064582L;
private Long id;
private Long version;
/** The container of these entries */
private DbAccessControlList accessControlList;
/** The permission to which this applies (non null - all is a special string) */
private DbPermission permission;
/** The recipient to which this applies (non null - all is a special string) */
private DbAuthority authority;
/** Is this permission allowed? */
private boolean allowed;
private int aceType;
private DbAccessControlEntryContext context;
public DbAccessControlEntryImpl()
{
super();
@@ -62,58 +71,69 @@ public class DbAccessControlEntryImpl extends LifecycleAdapter
public String toString()
{
StringBuilder sb = new StringBuilder(128);
sb.append("DbAccessControlEntryImpl")
.append("[ id=").append(id)
.append(", acl=").append(accessControlList.getId())
.append(", permission=").append(permission.getKey())
.append(", authority=").append(authority.getRecipient())
.append("]");
sb.append("DbAccessControlEntryImpl").append("[ id=").append(id).append(", version=").append(version).append(", permission=").append(permission.getKey()).append(
", authority=").append(authority.getAuthority()).append(", allowed=").append(allowed).append(", authorityDeleted=").append(", aceType=")
.append(ACEType.getACETypeFromId(aceType)).append(", context=").append(context).append("]");
return sb.toString();
}
@Override
public boolean equals(Object o)
{
if (this == o)
{
return true;
}
if (!(o instanceof DbAccessControlEntry))
{
return false;
}
DbAccessControlEntry other = (DbAccessControlEntry) o;
if (EqualsHelper.nullSafeEquals(id, other.getId()))
{
return true;
}
else
{
return (EqualsHelper.nullSafeEquals(this.permission, other.getPermission())
&& EqualsHelper.nullSafeEquals(this.authority, other.getAuthority()));
}
}
@Override
public int hashCode()
{
int hashCode = 0;
if (permission != null)
final int PRIME = 31;
int result = 1;
result = PRIME * result + aceType;
result = PRIME * result + (allowed ? 1231 : 1237);
result = PRIME * result + ((authority == null) ? 0 : authority.hashCode());
result = PRIME * result + ((context == null) ? 0 : context.hashCode());
result = PRIME * result + ((permission == null) ? 0 : permission.hashCode());
return result;
}
@Override
public boolean equals(Object obj)
{
if (this == obj)
return true;
if (obj == null)
return false;
if (getClass() != obj.getClass())
return false;
final DbAccessControlEntryImpl other = (DbAccessControlEntryImpl) obj;
if (aceType != other.aceType)
return false;
if (allowed != other.allowed)
return false;
if (authority == null)
{
hashCode = hashCode * 37 + permission.hashCode();
if (other.authority != null)
return false;
}
if (authority != null)
else if (!authority.equals(other.authority))
return false;
if (context == null)
{
hashCode = hashCode * 37 + authority.hashCode();
if (other.context != null)
return false;
}
return hashCode;
else if (!context.equals(other.context))
return false;
if (permission == null)
{
if (other.permission != null)
return false;
}
else if (!permission.equals(other.permission))
return false;
return true;
}
public Long getId()
{
return id;
}
/**
* For Hibernate use
*/
@@ -137,16 +157,6 @@ public class DbAccessControlEntryImpl extends LifecycleAdapter
this.version = version;
}
public DbAccessControlList getAccessControlList()
{
return accessControlList;
}
public void setAccessControlList(DbAccessControlList nodePermissionEntry)
{
this.accessControlList = nodePermissionEntry;
}
public DbPermission getPermission()
{
return permission;
@@ -177,12 +187,54 @@ public class DbAccessControlEntryImpl extends LifecycleAdapter
this.allowed = allowed;
}
public ACEType getAceType()
{
return ACEType.getACETypeFromId(aceType);
}
public void setAceType(ACEType aceType)
{
this.aceType = aceType.getId();
}
@SuppressWarnings("unused")
private void setApplies(int applies)
{
this.aceType = applies;
}
@SuppressWarnings("unused")
private int getApplies()
{
return aceType;
}
public DbAccessControlEntryContext getContext()
{
return context;
}
public void setContext(DbAccessControlEntryContext context)
{
this.context = context;
}
public void delete()
{
// remove the instance from the access control list
@SuppressWarnings("unused")
boolean removed = getAccessControlList().getEntries().remove(this);
// delete the instance
getSession().delete(this);
throw new UnsupportedOperationException("TODO");
}
public static DbAccessControlEntry find(Session session, ACEType type, boolean allow, String authority, DbPermissionKey permissionKey)
{
// Query query = session
// .getNamedQuery(PermissionsDaoComponentImpl.QUERY_GET_PERMISSION)
// .setString("permissionTypeQName", qname.toString())
// .setString("permissionName", name);
// return (DbPermission) query.uniqueResult();
throw new UnsupportedOperationException("TODO");
}
}

81
source/java/org/alfresco/repo/domain/hibernate/DbAccessControlListChangeSetImpl.java Normal file
View File

@@ -0,0 +1,81 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.repo.domain.hibernate;
import java.io.Serializable;
import org.alfresco.repo.domain.DbAccessControlListChangeSet;
public class DbAccessControlListChangeSetImpl implements DbAccessControlListChangeSet, Serializable
{
/**
*
*/
private static final long serialVersionUID = 3433168181194696611L;
private Long id;
private Long version;
@Override
public String toString()
{
StringBuilder sb = new StringBuilder(128);
sb.append("DBAccessControlListChangeSetImpl")
.append("[ id=").append(id)
.append(", version=").append(version)
.append("]");
return sb.toString();
}
public Long getId()
{
return id;
}
public Long getVersion()
{
return version;
}
/**
* For Hibernate use
*/
@SuppressWarnings("unused")
private void setId(Long id)
{
this.id = id;
}
/**
* For Hibernate use
*/
@SuppressWarnings("unused")
private void setVersion(Long version)
{
this.version = version;
}
}

307
source/java/org/alfresco/repo/domain/hibernate/DbAccessControlListImpl.java
View File

@@ -26,80 +26,102 @@ package org.alfresco.repo.domain.hibernate;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.Map;
import org.alfresco.repo.domain.DbAccessControlEntry;
import org.alfresco.repo.domain.DbAccessControlList;
import org.alfresco.repo.domain.DbAccessControlListChangeSet;
import org.alfresco.repo.domain.DbAccessControlListMember;
import org.alfresco.repo.domain.DbAuthority;
import org.alfresco.repo.domain.DbPermission;
import org.alfresco.repo.domain.DbPermissionKey;
import org.alfresco.repo.security.permissions.ACLCopyMode;
import org.alfresco.repo.security.permissions.ACLType;
import org.alfresco.repo.security.permissions.AccessControlEntry;
import org.alfresco.repo.security.permissions.SimpleAccessControlListProperties;
import org.alfresco.repo.security.permissions.impl.AclDaoComponent;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.hibernate.CallbackException;
import org.hibernate.Query;
import org.hibernate.Session;
import org.springframework.orm.hibernate3.HibernateCallback;
/**
* The hibernate persisted class for node permission entries.
*
* @author andyh
*/
public class DbAccessControlListImpl extends LifecycleAdapter
implements DbAccessControlList, Serializable
public class DbAccessControlListImpl extends LifecycleAdapter implements DbAccessControlList, Serializable
{
private static AclDaoComponent s_aclDaoComponent;
private static final long serialVersionUID = 3123277428227075648L;
private static Log logger = LogFactory.getLog(DbAccessControlListImpl.class);
private Long id;
private Long version;
private Set<DbAccessControlEntry> entries;
private String aclId;
private long aclVersion;
private boolean latest;
private boolean inherits;
private int aclType;
private Long inheritedAclId;
private boolean versioned;
private DbAccessControlListChangeSet aclChangeSet;
private Long inheritsFrom;
private boolean requiresVersion;
public static void setAclDaoComponent(AclDaoComponent aclDaoComponent)
{
s_aclDaoComponent = aclDaoComponent;
}
public DbAccessControlListImpl()
{
entries = new HashSet<DbAccessControlEntry>(5);
}
@Override
public String toString()
{
StringBuilder sb = new StringBuilder(128);
sb.append("DbAccessControlListImpl")
.append("[ id=").append(id)
.append(", entries=").append(entries.size())
.append(", inherits=").append(inherits)
.append("]");
sb.append("DbAccessControlListImpl").append("[ id=").append(id).append(", version=").append(version).append(", aclId=").append(aclId).append(", aclVersion=").append(
aclVersion).append(", latest=").append(latest).append(", inherits=").append(inherits).append(", aclType=").append(ACLType.getACLTypeFromId(aclType)).append(
", inheritedAclId=").append(inheritedAclId).append(", versioned=").append(versioned).append(", changesetId=").append(aclChangeSet).append(", inheritsFrom=")
.append(inheritsFrom).append(", requiresVersion=").append(requiresVersion).append("]");
return sb.toString();
}
/**
* Support cascade delete of ACLs from DM nodes (which cascade delete the ACL)
*/
@Override
public boolean equals(Object o)
public boolean onDelete(Session session) throws CallbackException
{
if (this == o)
{
return true;
}
if (!(o instanceof DbAccessControlList))
{
return false;
}
DbAccessControlList other = (DbAccessControlList) o;
return (this.inherits == other.getInherits());
}
@Override
public int hashCode()
{
return (inherits == false ? 0 : 17);
s_aclDaoComponent.onDeleteAccessControlList(id);
return super.onDelete(session);
}
public Long getId()
{
return id;
}
/**
* Hibernate use
*/
@@ -123,20 +145,6 @@ public class DbAccessControlListImpl extends LifecycleAdapter
this.version = version;
}
public Set<DbAccessControlEntry> getEntries()
{
return entries;
}
/**
* For Hibernate use
*/
@SuppressWarnings("unused")
private void setEntries(Set<DbAccessControlEntry> entries)
{
this.entries = entries;
}
public boolean getInherits()
{
return inherits;
@@ -147,130 +155,131 @@ public class DbAccessControlListImpl extends LifecycleAdapter
this.inherits = inherits;
}
/**
* @see #deleteEntry(String, DbPermissionKey)
*/
public int deleteEntriesForAuthority(String authority)
public String getAclId()
{
return deleteEntry(authority, null);
return aclId;
}
public void setAclId(String aclId)
{
this.aclId = aclId;
}
public ACLType getAclType()
{
return ACLType.getACLTypeFromId(aclType);
}
public void setAclType(ACLType aclType)
{
this.aclType = aclType.getId();
}
/**
* @see #deleteEntry(String, DbPermissionKey)
* Hibernate
*/
public int deleteEntriesForPermission(DbPermissionKey permissionKey)
private int getType()
{
return deleteEntry(null, permissionKey);
return aclType;
}
public int deleteEntry(String authority, DbPermissionKey permissionKey)
private void setType(int aclType)
{
List<DbAccessControlEntry> toDelete = new ArrayList<DbAccessControlEntry>(2);
for (DbAccessControlEntry entry : entries)
{
if (authority != null && !authority.equals(entry.getAuthority().getRecipient()))
{
// authority is not a match
continue;
}
else if (permissionKey != null && !permissionKey.equals(entry.getPermission().getKey()))
{
// permission is not a match
continue;
}
toDelete.add(entry);
}
// delete them
for (DbAccessControlEntry entry : toDelete)
{
// remove from the entry list
entry.delete();
}
// Fix issues with deleting and adding permissions
// See AR-918
this.getSession().flush();
// done
if (logger.isDebugEnabled())
{
logger.debug("Deleted " + toDelete.size() + " access entries: \n" +
" access control list: " + id + "\n" +
" authority: " + authority + "\n" +
" permission: " + permissionKey);
}
return toDelete.size();
this.aclType = aclType;
}
public int deleteEntries()
public long getAclVersion()
{
/*
* We don't do the full delete-remove-from-set thing here. Just delete each child entity
* and then clear the entry set.
*/
Session session = getSession();
List<DbAccessControlEntry> toDelete = new ArrayList<DbAccessControlEntry>(entries);
// delete each entry
for (DbAccessControlEntry entry : toDelete)
{
session.delete(entry);
}
// clear the list
int count = entries.size();
entries.clear();
// done
if (logger.isDebugEnabled())
{
logger.debug("Deleted " + count + " access entries for access control list " + this.id);
}
return count;
return aclVersion;
}
public DbAccessControlEntry getEntry(String authority, DbPermissionKey permissionKey)
public void setAclVersion(long aclVersion)
{
for (DbAccessControlEntry entry : entries)
{
DbAuthority authorityEntity = entry.getAuthority();
DbPermission permissionEntity = entry.getPermission();
// check for a match
if (authorityEntity.getRecipient().equals(authority)
&& permissionEntity.getKey().equals(permissionKey))
{
// found it
return entry;
}
}
return null;
this.aclVersion = aclVersion;
}
public DbAccessControlEntryImpl newEntry(DbPermission permission, DbAuthority authority, boolean allowed)
public Long getInheritedAclId()
{
DbAccessControlEntryImpl accessControlEntry = new DbAccessControlEntryImpl();
// fill
accessControlEntry.setAccessControlList(this);
accessControlEntry.setPermission(permission);
accessControlEntry.setAuthority(authority);
accessControlEntry.setAllowed(allowed);
// save it
getSession().save(accessControlEntry);
// maintain inverse set on the acl
getEntries().add(accessControlEntry);
// done
return accessControlEntry;
return inheritedAclId;
}
/**
* Make a copy of this ACL.
* @return The copy.
*/
public DbAccessControlList getCopy()
public void setInheritedAclId(Long inheritedAclId)
{
DbAccessControlList newAcl =
new DbAccessControlListImpl();
getSession().save(newAcl);
for (DbAccessControlEntry entry : entries)
this.inheritedAclId = inheritedAclId;
}
public boolean isLatest()
{
return latest;
}
public void setLatest(boolean latest)
{
this.latest = latest;
}
public boolean isVersioned()
{
return versioned;
}
public void setVersioned(boolean versioned)
{
this.versioned = versioned;
}
public DbAccessControlListChangeSet getAclChangeSet()
{
return aclChangeSet;
}
public void setAclChangeSet(DbAccessControlListChangeSet aclChangeSet)
{
this.aclChangeSet = aclChangeSet;
}
public static DbAccessControlList find(Session session)
{
// TODO: Needs to use a query
throw new UnsupportedOperationException("TODO");
}
public Long getInheritsFrom()
{
return inheritsFrom;
}
public void setInheritsFrom(Long id)
{
this.inheritsFrom = id;
}
public DbAccessControlList getCopy(Long parentAcl, ACLCopyMode mode)
{
return s_aclDaoComponent.getDbAccessControlListCopy(this.getId(), parentAcl, mode);
}
public static DbAccessControlList createLayeredAcl(Long indirectedAcl)
{
SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
properties.setAclType(ACLType.LAYERED);
Long id = s_aclDaoComponent.createAccessControlList(properties);
if (indirectedAcl != null)
{
newAcl.newEntry(entry.getPermission(), entry.getAuthority(), entry.isAllowed());
s_aclDaoComponent.mergeInheritedAccessControlList(indirectedAcl, id);
}
return newAcl;
return s_aclDaoComponent.getDbAccessControlList(id);
}
public boolean getRequiresVersion()
{
return requiresVersion;
}
public void setRequiresVersion(boolean requiresVersion)
{
this.requiresVersion = requiresVersion;
}
}

175
source/java/org/alfresco/repo/domain/hibernate/DbAccessControlListMemberImpl.java Normal file
View File

@@ -0,0 +1,175 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.repo.domain.hibernate;
import java.io.Serializable;
import org.alfresco.repo.domain.DbAccessControlEntry;
import org.alfresco.repo.domain.DbAccessControlList;
import org.alfresco.repo.domain.DbAccessControlListMember;
import org.hibernate.Session;
/**
* Hibernate support to store acl-acxe entries
*/
public class DbAccessControlListMemberImpl implements DbAccessControlListMember, Serializable
{
/**
*
*/
private static final long serialVersionUID = 1L;
private Long id;
private Long version;
private DbAccessControlList acl;
private DbAccessControlEntry ace;
private int position;
@Override
public String toString()
{
StringBuilder sb = new StringBuilder(128);
sb.append("DbAccessControlListMemberImpl").append("[ id=").append(id).append(", version=").append(version).append(", acl=").append(acl).append(", ace=").append(ace)
.append(", position=").append(position).append("]");
return sb.toString();
}
@Override
public int hashCode()
{
final int PRIME = 31;
int result = 1;
result = PRIME * result + ((ace == null) ? 0 : ace.hashCode());
result = PRIME * result + ((acl == null) ? 0 : acl.hashCode());
result = PRIME * result + position;
return result;
}
@Override
public boolean equals(Object obj)
{
if (this == obj)
return true;
if (obj == null)
return false;
if (getClass() != obj.getClass())
return false;
final DbAccessControlListMemberImpl other = (DbAccessControlListMemberImpl) obj;
if (ace == null)
{
if (other.ace != null)
return false;
}
else if (!ace.equals(other.ace))
return false;
if (acl == null)
{
if (other.acl != null)
return false;
}
else if (!acl.equals(other.acl))
return false;
if (position != other.position)
return false;
return true;
}
public DbAccessControlEntry getAccessControlEntry()
{
return ace;
}
public DbAccessControlList getAccessControlList()
{
return acl;
}
public Long getId()
{
return id;
}
public int getPosition()
{
return position;
}
public Long getVersion()
{
return version;
}
public void setAccessControlEntry(DbAccessControlEntry ace)
{
this.ace = ace;
}
public void setAccessControlList(DbAccessControlList acl)
{
this.acl = acl;
}
public void setPosition(int position)
{
this.position = position;
}
@SuppressWarnings("unused")
private void setId(Long id)
{
this.id = id;
}
/**
* For Hibernate use
*/
@SuppressWarnings("unused")
private void setVersion(Long version)
{
this.version = version;
}
/**
*
* @param session
* @param acl => can be null - implies all entries that match ace
* @param ace => can be null - implies all entries that match acl
* @param position => -1 is all positions
*
* Note: both acl and ace may not be null;
*
* @return
*/
public static DbAccessControlListMember find(Session session, DbAccessControlList acl, DbAccessControlEntry ace, int position)
{
// TODO: Needs to use a query
throw new UnsupportedOperationException("TODO");
}
}

155
source/java/org/alfresco/repo/domain/hibernate/DbAuthorityAliasImpl.java Normal file
View File

@@ -0,0 +1,155 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.repo.domain.hibernate;
import java.io.Serializable;
import org.alfresco.repo.domain.DbAuthority;
import org.alfresco.repo.domain.DbAuthorityAlias;
import org.hibernate.Session;
public class DbAuthorityAliasImpl implements DbAuthorityAlias, Serializable
{
/**
*
*/
private static final long serialVersionUID = -774180120537804154L;
private Long id;
private Long version;
private DbAuthority authority;
private DbAuthority alias;
@Override
public String toString()
{
StringBuilder sb = new StringBuilder(128);
sb.append("DbAuthorityAliasImpl")
.append("[ id=").append(id)
.append(", version=").append(version)
.append(", authority=").append(authority)
.append(", alias=").append(alias)
.append("]");
return sb.toString();
}
@Override
public int hashCode()
{
final int PRIME = 31;
int result = 1;
result = PRIME * result + ((alias == null) ? 0 : alias.hashCode());
result = PRIME * result + ((authority == null) ? 0 : authority.hashCode());
return result;
}
@Override
public boolean equals(Object obj)
{
if (this == obj)
return true;
if (obj == null)
return false;
if (getClass() != obj.getClass())
return false;
final DbAuthorityAliasImpl other = (DbAuthorityAliasImpl) obj;
if (alias == null)
{
if (other.alias != null)
return false;
}
else if (!alias.equals(other.alias))
return false;
if (authority == null)
{
if (other.authority != null)
return false;
}
else if (!authority.equals(other.authority))
return false;
return true;
}
public DbAuthority getAlias()
{
return alias;
}
public DbAuthority getAuthority()
{
return authority;
}
public Long getId()
{
return id;
}
public Long getVersion()
{
return version;
}
public void setAlias(DbAuthority alias)
{
this.alias = alias;
}
public void setAuthority(DbAuthority authority)
{
this.authority = authority;
}
/**
* For Hibernate use
*/
@SuppressWarnings("unused")
private void setId(Long id)
{
this.id = id;
}
/**
* For Hibernate use
*/
@SuppressWarnings("unused")
private void setVersion(Long version)
{
this.version = version;
}
/**
* Helper method to find an authority alias based on the authority and alias
*
* @param session the Hibernate session to use
* @param authority the authority name
* @return Returns an existing instance or null if not found
*/
public static DbAuthorityAlias find(Session session, String authority, String alias)
{
// TODO: Needs to use a query
throw new UnsupportedOperationException("TODO");
}
}

81
source/java/org/alfresco/repo/domain/hibernate/DbAuthorityImpl.java
View File

@@ -25,14 +25,11 @@
package org.alfresco.repo.domain.hibernate;
import java.io.Serializable;
import java.util.HashSet;
import java.util.Set;
import org.alfresco.repo.domain.DbAuthority;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.hibernate.CallbackException;
import org.hibernate.Query;
import org.hibernate.Session;
/**
@@ -40,20 +37,31 @@ import org.hibernate.Session;
*
* @author andyh
*/
public class DbAuthorityImpl extends LifecycleAdapter
public class DbAuthorityImpl
implements DbAuthority, Serializable
{
private static final long serialVersionUID = -5582068692208928127L;
private static Log logger = LogFactory.getLog(DbAuthorityImpl.class);
private Long id;
private Long version;
private String recipient;
private Set<String> externalKeys;
private String authority;
public DbAuthorityImpl()
{
externalKeys = new HashSet<String>();
}
@Override
public String toString()
{
StringBuilder sb = new StringBuilder(128);
sb.append("DbAuthorityImpl")
.append("[ id=").append(id)
.append(", version=").append(version)
.append(", authority=").append(authority)
.append("]");
return sb.toString();
}
@Override
@@ -68,44 +76,27 @@ public class DbAuthorityImpl extends LifecycleAdapter
return false;
}
DbAuthority other = (DbAuthority)o;
return this.getRecipient().equals(other.getRecipient());
return this.getAuthority().equals(other.getAuthority());
}
@Override
public int hashCode()
{
return getRecipient().hashCode();
return getAuthority().hashCode();
}
public int deleteEntries()
public Long getId()
{
/*
* This can use a delete direct to the database as well, but then care must be taken
* to evict the instances from the session.
*/
// bypass L2 cache and get all entries for this list
Query query = getSession()
.getNamedQuery(PermissionsDaoComponentImpl.QUERY_GET_AC_ENTRIES_FOR_AUTHORITY)
.setString("authorityRecipient", this.recipient);
int count = HibernateHelper.deleteDbAccessControlEntries(getSession(), query);
// done
if (logger.isDebugEnabled())
{
logger.debug("Deleted " + count + " access entries for access control list " + this.recipient);
}
return count;
return id;
}
/**
* Ensures that all this access control list's entries have been deleted.
*/
public boolean onDelete(Session session) throws CallbackException
@SuppressWarnings("unused")
private void setId(Long id)
{
deleteEntries();
return super.onDelete(session);
this.id = id;
}
public Long getVersion()
{
return version;
@@ -120,25 +111,14 @@ public class DbAuthorityImpl extends LifecycleAdapter
this.version = version;
}
public String getRecipient()
public String getAuthority()
{
return recipient;
return authority;
}
public void setRecipient(String recipient)
public void setAuthority(String authority)
{
this.recipient = recipient;
}
public Set<String> getExternalKeys()
{
return externalKeys;
}
// Hibernate
/* package */ void setExternalKeys(Set<String> externalKeys)
{
this.externalKeys = externalKeys;
this.authority = authority;
}
/**
@@ -150,6 +130,7 @@ public class DbAuthorityImpl extends LifecycleAdapter
*/
public static DbAuthority find(Session session, String authority)
{
return (DbAuthority) session.get(DbAuthorityImpl.class, authority);
// TODO: Needs to use a query
throw new UnsupportedOperationException("TODO");
}
}

79
source/java/org/alfresco/repo/domain/hibernate/DbPermissionImpl.java
View File

@@ -41,49 +41,47 @@ import org.hibernate.Session;
*
* @author andyh
*/
public class DbPermissionImpl extends LifecycleAdapter
implements DbPermission, Serializable
{
public class DbPermissionImpl implements DbPermission, Serializable
{
private static final long serialVersionUID = -6352566900815035461L;
private static Log logger = LogFactory.getLog(DbPermissionImpl.class);
private Long id;
private Long version;
private QName typeQname;
private String name;
public DbPermissionImpl()
{
super();
}
@Override
public String toString()
{
StringBuilder sb = new StringBuilder(128);
sb.append("PermissionImpl")
.append("[ id=").append(id)
.append(", typeQname=").append(typeQname)
.append(", name=").append(getName())
.append("]");
sb.append("DbPermissionImpl").append("[ id=").append(id).append(", version=").append(version).append(", typeQname=").append(typeQname).append(", name=").append(getName())
.append("]");
return sb.toString();
}
@Override
public boolean equals(Object o)
{
if(this == o)
if (this == o)
{
return true;
}
if(!(o instanceof DbPermission))
if (!(o instanceof DbPermission))
{
return false;
}
DbPermission other = (DbPermission)o;
return (EqualsHelper.nullSafeEquals(typeQname, other.getTypeQname()))
&& (EqualsHelper.nullSafeEquals(name, other.getName()));
DbPermission other = (DbPermission) o;
return (EqualsHelper.nullSafeEquals(typeQname, other.getTypeQname())) && (EqualsHelper.nullSafeEquals(name, other.getName()));
}
@Override
@@ -91,35 +89,6 @@ public class DbPermissionImpl extends LifecycleAdapter
{
return typeQname.hashCode() + (37 * name.hashCode());
}
public int deleteEntries()
{
/*
* This can use a delete direct to the database as well, but then care must be taken
* to evict the instances from the session.
*/
// bypass L2 cache and get all entries for this list
Query query = getSession()
.getNamedQuery(PermissionsDaoComponentImpl.QUERY_GET_AC_ENTRIES_FOR_PERMISSION)
.setSerializable("permissionId", this.id);
int count = HibernateHelper.deleteDbAccessControlEntries(getSession(), query);
// done
if (logger.isDebugEnabled())
{
logger.debug("Deleted " + count + " access entries for permission " + this.id);
}
return count;
}
/**
* Ensures that all this access control list's entries have been deleted.
*/
public boolean onDelete(Session session) throws CallbackException
{
deleteEntries();
return super.onDelete(session);
}
public Long getId()
{
@@ -168,7 +137,7 @@ public class DbPermissionImpl extends LifecycleAdapter
{
this.name = name;
}
public DbPermissionKey getKey()
{
return new DbPermissionKey(typeQname, name);
@@ -177,17 +146,21 @@ public class DbPermissionImpl extends LifecycleAdapter
/**
* Helper method to find a permission based on its natural key
*
* @param session the Hibernate session to use
* @param qname the type qualified name
* @param name the name of the permission
* @param session
* the Hibernate session to use
* @param qname
* the type qualified name
* @param name
* the name of the permission
* @return Returns an existing instance or null if not found
*/
public static DbPermission find(Session session, QName qname, String name)
{
Query query = session
.getNamedQuery(PermissionsDaoComponentImpl.QUERY_GET_PERMISSION)
.setString("permissionTypeQName", qname.toString())
.setString("permissionName", name);
return (DbPermission) query.uniqueResult();
// Query query = session
// .getNamedQuery(PermissionsDaoComponentImpl.QUERY_GET_PERMISSION)
// .setString("permissionTypeQName", qname.toString())
// .setString("permissionName", name);
// return (DbPermission) query.uniqueResult();
throw new UnsupportedOperationException("TODO");
}
}

237
source/java/org/alfresco/repo/domain/hibernate/NodeAccessControlListDAO.java
View File

@@ -1,88 +1,149 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing" */
package org.alfresco.repo.domain.hibernate;
import org.alfresco.repo.domain.AccessControlListDAO;
import org.alfresco.repo.domain.DbAccessControlList;
import org.alfresco.repo.domain.Node;
import org.alfresco.repo.node.db.NodeDaoService;
import org.alfresco.service.cmr.repository.InvalidNodeRefException;
import org.alfresco.service.cmr.repository.NodeRef;
import org.springframework.orm.hibernate3.support.HibernateDaoSupport;
/**
* The Node implementation for getting and setting ACLs.
* @author britt
*/
public class NodeAccessControlListDAO extends HibernateDaoSupport implements AccessControlListDAO
{
/**
* The DAO for Nodes.
*/
private NodeDaoService fNodeDAOService;
/**
* Default constructor.
*/
public NodeAccessControlListDAO()
{
}
public void setNodeDaoService(NodeDaoService nodeDAOService)
{
fNodeDAOService = nodeDAOService;
}
/**
* Get the ACL from a node.
* @param nodeRef The reference to the node.
* @return The ACL.
* @throws InvalidNodeRefException
*/
public DbAccessControlList getAccessControlList(NodeRef nodeRef)
{
Node node = fNodeDAOService.getNode(nodeRef);
if (node == null)
{
throw new InvalidNodeRefException(nodeRef);
}
return node.getAccessControlList();
}
/**
* Set the ACL on a node.
* @param nodeRef The reference to the node.
* @param acl The ACL.
* @throws InvalidNodeRefException
*/
public void setAccessControlList(NodeRef nodeRef, DbAccessControlList acl)
{
Node node = fNodeDAOService.getNode(nodeRef);
if (node == null)
{
throw new InvalidNodeRefException(nodeRef);
}
node.setAccessControlList(acl);
}
}
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing" */
package org.alfresco.repo.domain.hibernate;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import org.alfresco.repo.domain.AccessControlListDAO;
import org.alfresco.repo.domain.ChildAssoc;
import org.alfresco.repo.domain.DbAccessControlList;
import org.alfresco.repo.domain.Node;
import org.alfresco.repo.node.db.NodeDaoService;
import org.alfresco.repo.security.permissions.ACLType;
import org.alfresco.repo.security.permissions.impl.AclChange;
import org.alfresco.service.cmr.repository.InvalidNodeRefException;
import org.alfresco.service.cmr.repository.NodeRef;
/**
* The Node implementation for getting and setting ACLs.
*
* @author britt
*/
public class NodeAccessControlListDAO implements AccessControlListDAO
{
/**
* The DAO for Nodes.
*/
private NodeDaoService fNodeDAOService;
/**
* Default constructor.
*/
public NodeAccessControlListDAO()
{
}
public void setNodeDaoService(NodeDaoService nodeDAOService)
{
fNodeDAOService = nodeDAOService;
}
/**
* Get the ACL from a node.
*
* @param nodeRef
* The reference to the node.
* @return The ACL.
* @throws InvalidNodeRefException
*/
public DbAccessControlList getAccessControlList(NodeRef nodeRef)
{
Node node = fNodeDAOService.getNode(nodeRef);
if (node == null)
{
throw new InvalidNodeRefException(nodeRef);
}
return node.getAccessControlList();
}
/**
* Set the ACL on a node.
*
* @param nodeRef
* The reference to the node.
* @param acl
* The ACL.
* @throws InvalidNodeRefException
*/
public void setAccessControlList(NodeRef nodeRef, DbAccessControlList acl)
{
Node node = fNodeDAOService.getNode(nodeRef);
if (node == null)
{
throw new InvalidNodeRefException(nodeRef);
}
node.setAccessControlList(acl);
}
public void updateChangedAcls(NodeRef startingPoint, List<AclChange> changes)
{
// Nothing to do here
}
public List<AclChange> setInheritanceForChildren(NodeRef parent, Long mergeFrom)
{
// Nothing to do here
return Collections.<AclChange> emptyList();
}
public Long getIndirectAcl(NodeRef nodeRef)
{
return getAccessControlList(nodeRef).getId();
}
public Long getInheritedAcl(NodeRef nodeRef)
{
Node node = fNodeDAOService.getNode(nodeRef);
ChildAssoc ca = fNodeDAOService.getPrimaryParentAssoc(node);
if ((ca != null) && (ca.getParent() != null))
{
DbAccessControlList acl = getAccessControlList(ca.getParent().getNodeRef());
if (acl != null)
{
return acl.getId();
}
else
{
return null;
}
}
else
{
return null;
}
}
public void forceCopy(NodeRef nodeRef)
{
// nothing to do;
}
public Map<ACLType, Integer> patchAcls()
{
throw new UnsupportedOperationException();
}
}

102
source/java/org/alfresco/repo/domain/hibernate/OldADMPermissionsDaoComponentImpl.java Normal file
View File

@@ -0,0 +1,102 @@
/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.repo.domain.hibernate;
import java.util.Collections;
import org.alfresco.repo.domain.DbAccessControlList;
import org.alfresco.repo.security.permissions.ACLType;
import org.alfresco.repo.security.permissions.SimpleAccessControlListProperties;
import org.alfresco.repo.security.permissions.impl.AclChange;
import org.alfresco.service.cmr.repository.InvalidNodeRefException;
import org.alfresco.service.cmr.repository.NodeRef;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
/**
* Support for accessing persisted permission information. This class maps between persisted objects and the external
* API defined in the PermissionsDAO interface.
*
* @author andyh
*/
public class OldADMPermissionsDaoComponentImpl extends AbstractPermissionsDaoComponentImpl
{
private static Log logger = LogFactory.getLog(OldADMPermissionsDaoComponentImpl.class);
/**
*
*/
public OldADMPermissionsDaoComponentImpl()
{
super();
}
/**
* Creates an access control list for the node and removes the entry from the nullPermsionCache.
*/
protected AbstractPermissionsDaoComponentImpl.CreationReport createAccessControlList(NodeRef nodeRef, boolean inherit, DbAccessControlList existing)
{
SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
properties.setAclType(ACLType.OLD);
properties.setInherits(inherit);
Long id = aclDaoComponent.createAccessControlList(properties);
DbAccessControlList acl = aclDaoComponent.getDbAccessControlList(id);
// maintain inverse
getACLDAO(nodeRef).setAccessControlList(nodeRef, acl);
// done
if (logger.isDebugEnabled())
{
logger.debug("Created Access Control List: \n" + " node: " + nodeRef + "\n" + " list: " + acl);
}
AbstractPermissionsDaoComponentImpl.CreationReport report = new AbstractPermissionsDaoComponentImpl.CreationReport(acl, Collections.<AclChange>singletonList(new AclDaoComponentImpl.AclChangeImpl(null, id, null, acl.getAclType())));
return report;
}
public void deletePermissions(NodeRef nodeRef)
{
DbAccessControlList acl = null;
try
{
acl = getAccessControlList(nodeRef);
}
catch (InvalidNodeRefException e)
{
return;
}
if (acl != null)
{
// maintain referencial integrity
getACLDAO(nodeRef).setAccessControlList(nodeRef, null);
aclDaoComponent.deleteAccessControlList(acl.getId());
}
}
}

369
source/java/org/alfresco/repo/domain/hibernate/Permission.hbm.xml
View File

@@ -5,6 +5,23 @@
'http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd'>
<hibernate-mapping>
<class
name="org.alfresco.repo.domain.hibernate.DbAccessControlListChangeSetImpl"
proxy="org.alfresco.repo.domain.DbAccessControlListChangeSet"
table="alf_acl_change_set"
dynamic-update="false"
dynamic-insert="false"
select-before-update="false"
lazy="true"
optimistic-lock="version" >
<!-- auto-generated ID -->
<id name="id" column="id" type="long" >
<generator class="native" />
</id>
<!-- Optimistic locking -->
<version column="version" name="version" type="long" />
</class>
<class
name="org.alfresco.repo.domain.hibernate.DbAccessControlListImpl"
proxy="org.alfresco.repo.domain.DbAccessControlList"
@@ -19,67 +36,105 @@
<generator class="native" />
</id>
<version column="version" name="version" type="long" />
<set name="entries"
inverse="true"
lazy="false"
cascade="delete"
optimistic-lock="true"
fetch="join" >
<key column="acl_id" />
<one-to-many class="org.alfresco.repo.domain.hibernate.DbAccessControlEntryImpl" />
</set>
<natural-id mutable="true">
<property name="aclId" column="acl_id" type="string" length="36"
not-null="true"/>
<property name="latest" column="latest" type="boolean" not-null="true"/>
<property name="aclVersion" column="acl_version" type="long"
not-null="true"/>
<property name="inherits" column="inherits" type="boolean" not-null="true" />
</class>
<class
name="org.alfresco.repo.domain.hibernate.DbAccessControlEntryImpl"
proxy="org.alfresco.repo.domain.DbAccessControlEntry"
table="alf_access_control_entry"
dynamic-insert="false"
dynamic-update="false"
select-before-update="false"
lazy="true"
optimistic-lock="version" >
<id name="id" column="id" type="long" >
<generator class="native" />
</id>
<natural-id mutable="true" >
<many-to-one
name="accessControlList"
class="org.alfresco.repo.domain.hibernate.DbAccessControlListImpl"
column="acl_id"
lazy="no-proxy"
fetch="select"
optimistic-lock="true"
not-null="true" />
<many-to-one
name="permission"
class="org.alfresco.repo.domain.hibernate.DbPermissionImpl"
column="permission_id"
lazy="no-proxy"
fetch="select"
optimistic-lock="true"
not-null="true" />
<many-to-one
name="authority"
class="org.alfresco.repo.domain.hibernate.DbAuthorityImpl"
column="authority_id"
lazy="no-proxy"
fetch="select"
optimistic-lock="true"
not-null="true" />
</natural-id>
<version column="version" name="version" type="long" />
<property name="allowed" column="allowed" type="boolean" not-null="true" />
<property name="inherits" column="inherits" type="boolean" not-null="true" />
<property name="inheritsFrom" column="inherits_from" type="long" not-null="false" />
<property name="type" column="type" type="int" not-null="true" />
<property name="inheritedAclId" column="inherited_acl" type="long" not-null="false" />
<property name="versioned" column="is_versioned" type="boolean" not-null="true" />
<property name="requiresVersion" column="requires_version" type="boolean" not-null="true" />
<many-to-one
name="aclChangeSet"
class="org.alfresco.repo.domain.hibernate.DbAccessControlListChangeSetImpl"
column="acl_change_set"
lazy="proxy"
fetch="select"
unique="false"
not-null="false"
cascade="none" />
</class>
<class
name="org.alfresco.repo.domain.hibernate.DbAccessControlListMemberImpl"
proxy="org.alfresco.repo.domain.DbAccessControlListMember"
table="alf_acl_member" dynamic-insert="false" dynamic-update="false"
select-before-update="false" lazy="true" optimistic-lock="version">
<id name="id" column="id" type="long">
<generator class="native"/>
</id>
<natural-id mutable="true">
<many-to-one name="accessControlList"
class="org.alfresco.repo.domain.hibernate.DbAccessControlListImpl"
column="acl_id" lazy="no-proxy" fetch="select"
optimistic-lock="true" not-null="true"/>
<many-to-one name="accessControlEntry"
class="org.alfresco.repo.domain.hibernate.DbAccessControlEntryImpl"
column="ace_id" lazy="no-proxy" fetch="select"
optimistic-lock="true" not-null="true"/>
<property name="position" column="pos" type="int"/>
</natural-id>
<version column="version" name="version" type="long"/>
</class>
<class name="org.alfresco.repo.domain.hibernate.DbAccessControlEntryImpl"
proxy="org.alfresco.repo.domain.DbAccessControlEntry"
table="alf_access_control_entry" dynamic-insert="false"
dynamic-update="false" select-before-update="false" lazy="true"
optimistic-lock="version">
<id name="id" column="id" type="long">
<generator class="native"/>
</id>
<natural-id>
<many-to-one name="permission"
class="org.alfresco.repo.domain.hibernate.DbPermissionImpl"
column="permission_id" lazy="no-proxy" fetch="select"
optimistic-lock="true" not-null="true"/>
<many-to-one name="authority"
class="org.alfresco.repo.domain.hibernate.DbAuthorityImpl"
column="authority_id" lazy="no-proxy" fetch="select"
optimistic-lock="true" not-null="true"/>
<property name="allowed" column="allowed" type="boolean"
not-null="true"/>
<property name="applies" column="applies" type="int" not-null="true"/>
<many-to-one name="context"
class="org.alfresco.repo.domain.hibernate.DbAccessControlEntryContextImpl"
column="context_id" lazy="no-proxy" fetch="select"
optimistic-lock="true" not-null="false"/>
</natural-id>
<version column="version" name="version" type="long"/>
</class>
<class
@@ -115,26 +170,67 @@
lazy="false"
optimistic-lock="version" >
<id name="recipient" column="recipient" type="string" length="100" />
<id name="id" column="id" type="long" >
<generator class="native" />
</id>
<version column="version" name="version" type="long" />
<property name="authority" column="authority" type="string" length="100" unique="true"/>
<set
name="externalKeys"
table="alf_auth_ext_keys"
lazy="true"
sort="unsorted"
fetch="select"
optimistic-lock="true" >
<key >
<column name="id" />
</key>
<element column="externalKey" length="100" not-null="true" type="string" />
</set>
</class>
<class
name="org.alfresco.repo.domain.hibernate.DbAccessControlEntryContextImpl"
proxy="org.alfresco.repo.domain.DbAccessControlEntryContext"
table="alf_ace_context"
dynamic-insert="false"
dynamic-update="false"
select-before-update="false"
lazy="false"
optimistic-lock="version" >
<id name="id" column="id" type="long" >
<generator class="native" />
</id>
<version column="version" name="version" type="long" />
<property name="classContext" column="class_context" type="string" length="1024" />
<property name="propertyContext" column="property_context" type="string" length="1024" />
<property name="kvpContext" column="kvp_context" type="string" length="1024" />
</class>
<class name="org.alfresco.repo.domain.hibernate.DbAuthorityAliasImpl"
proxy="org.alfresco.repo.domain.DbAuthorityAlias"
table="alf_authority_alias" dynamic-insert="false" dynamic-update="false"
select-before-update="false" lazy="false" optimistic-lock="version">
<id name="id" column="id" type="long">
<generator class="native"/>
</id>
<natural-id mutable="true">
<many-to-one name="authority"
class="org.alfresco.repo.domain.hibernate.DbAuthorityImpl"
column="auth_id" lazy="no-proxy" fetch="select"
optimistic-lock="true" not-null="true"/>
<many-to-one name="alias"
class="org.alfresco.repo.domain.hibernate.DbAuthorityImpl"
column="alias_id" lazy="no-proxy" fetch="select"
optimistic-lock="true" not-null="true"/>
</natural-id>
<version column="version" name="version" type="long"/>
</class>
<query name="permission.GetPermission" cacheable="true">
select distinct
select
permission
from
org.alfresco.repo.domain.hibernate.DbPermissionImpl as permission
@@ -142,7 +238,108 @@
permission.typeQname = :permissionTypeQName and
permission.name = :permissionName
</query>
<query name="permission.GetAuthority" cacheable="true">
select
authority
from
org.alfresco.repo.domain.hibernate.DbAuthorityImpl as authority
where
authority.authority = :authority
</query>
<query name="permission.GetAceWithNoContext" cacheable="true">
select
ace
from
org.alfresco.repo.domain.hibernate.DbAccessControlEntryImpl as ace
where
ace.permission.id = :permissionId and
ace.authority.id = :authorityId and
ace.allowed = :allowed and
ace.applies = :applies and
ace.context is null
</query>
<query name="permission.GetAuthorityAlias" cacheable="true">
select
alias
from
org.alfresco.repo.domain.hibernate.DbAuthorityAliasImpl as alias
join alias.authority as authority
join alias.alias as authorityAlias
where
authority.authority = :authority and
authorityAlias.authority = :alias
</query>
<query name="permission.GetAuthorityAliases" cacheable="true">
select
authorityAlias.authority
from
org.alfresco.repo.domain.hibernate.DbAuthorityAliasImpl as alias
join alias.authority as authority
join alias.alias as authorityAlias
where
authority.authority = :authority
</query>
<query name="permission.GetAcesAndAclsByAuthority" cacheable="true">
select
aclmem.id, acl.id, ace.id
from
org.alfresco.repo.domain.hibernate.DbAccessControlListMemberImpl as aclmem
join aclmem.accessControlList as acl
join aclmem.accessControlEntry as ace
join ace.authority as authority
where
authority.authority = :authority
</query>
<query name="permission.GetAcesForAcl" cacheable="true">
select
aclmem
from
org.alfresco.repo.domain.hibernate.DbAccessControlListMemberImpl as aclmem
where
aclmem.accessControlList.id = :id
</query>
<query name="permission.GetAclsThatInheritFromThisAcl" cacheable="true">
select
acl.id
from
org.alfresco.repo.domain.hibernate.DbAccessControlListImpl as acl
where acl.inheritsFrom = :id and acl.inherits = true
</query>
<query name="permission.FindAvmNodesByACL" cacheable="true">
select
node.id
from
org.alfresco.repo.avm.AVMNodeImpl node
where node.acl.id = :acl
</query>
<query name="permission.FindAvmNodesIndirection" cacheable="true">
select
node.id
from
org.alfresco.repo.avm.LayeredDirectoryNodeImpl node
where node.primaryIndirection = true and node.indirection = :indirection
</query>
<query name="permission.FindLatestAclByGuid" cacheable="true">
select
acl.id
from
org.alfresco.repo.domain.hibernate.DbAccessControlListImpl as acl
where acl.aclId = :aclId and latest = true
</query>
<!--
<query name="permission.GetAccessControlEntriesForAuthority">
select
ace
@@ -151,38 +348,28 @@
where
ace.authority.recipient = :authorityRecipient
</query>
<query name="permission.GetAllAccessControlEntriesForAuthority">
select
ace, acl, node
from org.alfresco.repo.domain.hibernate.NodeImpl as node
join node.accessControlList as acl
join acl.entries as ace
join node.accessControlList as acl
join acl.entries as ace
where
ace.authority.recipient = :authorityRecipient
</query>
<query name="permission.FindNodesByPermission">
select
ace, acl, node
from org.alfresco.repo.domain.hibernate.NodeImpl as node
join node.accessControlList as acl
join acl.entries as ace
join node.accessControlList as acl
join acl.entries as ace
where
ace.authority.recipient = :authorityRecipient and
ace.allowed = :allow and
ace.permission.name = :permissionName and
ace.permission.typeQname = :permissionTypeQname
ace.allowed = :allow and
ace.permission.name = :permissionName and
ace.permission.typeQname = :permissionTypeQname
</query>
<query name="permission.patch.GetAccessControlEntriesToChangePermissionOn" >
select
entry
from
org.alfresco.repo.domain.hibernate.DbAccessControlEntryImpl entry
where
entry.permission.typeQname = :oldTypeQName and
entry.permission.name = :oldName
</query>
-->
</hibernate-mapping>

719
source/java/org/alfresco/repo/domain/hibernate/PermissionsDaoComponentImpl.java
View File

@@ -24,226 +24,107 @@
*/
package org.alfresco.repo.domain.hibernate;
import java.util.Collection;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.List;
import org.alfresco.repo.domain.AccessControlListDAO;
import org.alfresco.repo.domain.DbAccessControlEntry;
import org.alfresco.repo.domain.DbAccessControlList;
import org.alfresco.repo.domain.DbAuthority;
import org.alfresco.repo.domain.DbPermission;
import org.alfresco.repo.domain.DbPermissionKey;
import org.alfresco.repo.domain.Node;
import org.alfresco.repo.domain.NodeStatus;
import org.alfresco.repo.security.permissions.NodePermissionEntry;
import org.alfresco.repo.security.permissions.PermissionEntry;
import org.alfresco.repo.security.permissions.PermissionReference;
import org.alfresco.repo.security.permissions.impl.AccessPermissionImpl;
import org.alfresco.repo.security.permissions.impl.PermissionReferenceImpl;
import org.alfresco.repo.security.permissions.impl.PermissionsDaoComponent;
import org.alfresco.repo.security.permissions.impl.SimpleNodePermissionEntry;
import org.alfresco.repo.security.permissions.impl.SimplePermissionEntry;
import org.alfresco.repo.security.permissions.impl.SimplePermissionReference;
import org.alfresco.repo.transaction.TransactionalDao;
import org.alfresco.repo.domain.hibernate.AbstractPermissionsDaoComponentImpl.CreationReport;
import org.alfresco.repo.security.permissions.ACLType;
import org.alfresco.repo.security.permissions.AccessControlEntry;
import org.alfresco.repo.security.permissions.AccessControlList;
import org.alfresco.repo.security.permissions.SimpleAccessControlListProperties;
import org.alfresco.repo.security.permissions.impl.AclChange;
import org.alfresco.service.cmr.repository.InvalidNodeRefException;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.security.AccessPermission;
import org.alfresco.service.cmr.security.AccessStatus;
import org.alfresco.service.namespace.QName;
import org.alfresco.util.GUID;
import org.hibernate.Query;
import org.hibernate.ScrollMode;
import org.hibernate.ScrollableResults;
import org.hibernate.Session;
import org.springframework.orm.hibernate3.HibernateCallback;
import org.springframework.orm.hibernate3.support.HibernateDaoSupport;
/**
* Support for accessing persisted permission information. This class maps between persisted objects and the external
* API defined in the PermissionsDAO interface.
*
* @author andyh
*/
public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements PermissionsDaoComponent,
TransactionalDao
public class PermissionsDaoComponentImpl extends AbstractPermissionsDaoComponentImpl
{
private static final boolean INHERIT_PERMISSIONS_DEFAULT = true;
public static final String QUERY_GET_PERMISSION = "permission.GetPermission";
public static final String QUERY_GET_AC_ENTRIES_FOR_AUTHORITY = "permission.GetAccessControlEntriesForAuthority";
public static final String QUERY_GET_ALL_AC_ENTRIES_FOR_AUTHORITY = "permission.GetAllAccessControlEntriesForAuthority";
public static final String QUERY_GET_AC_ENTRIES_FOR_PERMISSION = "permission.GetAccessControlEntriesForPermission";
public static final String QUERY_FIND_NODES_BY_PERMISSION = "permission.FindNodesByPermission";
private Map<String, AccessControlListDAO> fProtocolToACLDAO;
private AccessControlListDAO fDefaultACLDAO;
/** a uuid identifying this unique instance */
private String uuid;
/**
*
*/
public PermissionsDaoComponentImpl()
@Override
protected CreationReport createAccessControlList(NodeRef nodeRef, boolean inherit, DbAccessControlList existing)
{
this.uuid = GUID.generate();
}
/**
* Checks equality by type and uuid
*/
public boolean equals(Object obj)
{
if (obj == null)
if (existing == null)
{
return false;
SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
properties.setAclType(ACLType.DEFINING);
// Accept default versioning
Long id = aclDaoComponent.createAccessControlList(properties);
List<AclChange> changes = new ArrayList<AclChange>();
DbAccessControlList acl = aclDaoComponent.getDbAccessControlList(id);
changes.add(new AclDaoComponentImpl.AclChangeImpl(null, id, null, acl.getAclType()));
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id)));
getACLDAO(nodeRef).setAccessControlList(nodeRef, acl);
return new CreationReport(acl, changes);
}
else if (!(obj instanceof PermissionsDaoComponentImpl))
SimpleAccessControlListProperties properties;
Long id;
List<AclChange> changes;
DbAccessControlList acl;
switch (existing.getAclType())
{
return false;
}
PermissionsDaoComponentImpl that = (PermissionsDaoComponentImpl) obj;
return this.uuid.equals(that.uuid);
}
case OLD:
throw new IllegalStateException("Can not mix old and new style permissions");
case DEFINING:
return new CreationReport(existing, Collections.<AclChange> emptyList());
case FIXED:
case GLOBAL:
case SHARED:
// create new defining, wire up and report changes to acl required.
properties = new SimpleAccessControlListProperties();
properties.setAclType(ACLType.DEFINING);
properties.setInherits(existing.getInherits());
// Accept default versioning
id = aclDaoComponent.createAccessControlList(properties);
changes = new ArrayList<AclChange>();
acl = aclDaoComponent.getDbAccessControlList(id);
changes.add(new AclDaoComponentImpl.AclChangeImpl(existing.getId(), id, existing.getAclType(), acl.getAclType()));
changes.addAll(aclDaoComponent.mergeInheritedAccessControlList(existing.getId(), id));
// set this to inherit to children
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id)));
/**
* @see #uuid
*/
public int hashCode()
{
return uuid.hashCode();
}
getACLDAO(nodeRef).setAccessControlList(nodeRef, acl);
return new CreationReport(acl, changes);
case LAYERED:
// Need to get the indirected node ACL
Long indirectAclId = getACLDAO(nodeRef).getIndirectAcl(nodeRef);
Long inheritedAclId = getACLDAO(nodeRef).getInheritedAcl(nodeRef);
/**
* Does this <tt>Session</tt> contain any changes which must be synchronized with the store?
*
* @return true => changes are pending
*/
public boolean isDirty()
{
// create a callback for the task
HibernateCallback callback = new HibernateCallback()
{
public Object doInHibernate(Session session)
// create new defining, wire up and report changes to acl required.
properties = new SimpleAccessControlListProperties();
properties.setAclType(ACLType.DEFINING);
if (indirectAclId != null)
{
return session.isDirty();
properties.setInherits(aclDaoComponent.getAccessControlListProperties(indirectAclId).getInherits());
}
};
// execute the callback
return ((Boolean) getHibernateTemplate().execute(callback)).booleanValue();
}
// Accept default versioning
id = aclDaoComponent.createAccessControlList(properties);
changes = new ArrayList<AclChange>();
acl = aclDaoComponent.getDbAccessControlList(id);
changes.add(new AclDaoComponentImpl.AclChangeImpl(existing.getId(), id, existing.getAclType(), acl.getAclType()));
if (indirectAclId != null)
{
AccessControlList indirectAcl = aclDaoComponent.getAccessControlList(indirectAclId);
for (AccessControlEntry entry : indirectAcl.getEntries())
{
if (entry.getPosition() == 0)
{
aclDaoComponent.setAccessControlEntry(id, entry);
}
}
}
if (inheritedAclId != null)
{
changes.addAll(aclDaoComponent.mergeInheritedAccessControlList(inheritedAclId, id));
}
// set this to inherit to children
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, aclDaoComponent.getInheritedAccessControlList(id)));
/**
* Just flushes the session
*/
public void flush()
{
getSession().flush();
}
/**
* NO-OP
*/
public void beforeCommit()
{
}
public void setProtocolToACLDAO(Map<String, AccessControlListDAO> map)
{
fProtocolToACLDAO = map;
}
public void setDefaultACLDAO(AccessControlListDAO defaultACLDAO)
{
fDefaultACLDAO = defaultACLDAO;
}
public NodePermissionEntry getPermissions(NodeRef nodeRef)
{
// Create the object if it is not found.
// Null objects are not cached in hibernate
// If the object does not exist it will repeatedly query to check its
// non existence.
NodePermissionEntry npe = null;
DbAccessControlList acl = null;
try
{
acl = getAccessControlList(nodeRef, false);
getACLDAO(nodeRef).setAccessControlList(nodeRef, acl);
return new CreationReport(acl, changes);
default:
throw new IllegalStateException("Unknown type " + existing.getAclType());
}
catch (InvalidNodeRefException e)
{
// Do nothing.
}
if (acl == null)
{
// there isn't an access control list for the node - spoof a null one
SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(nodeRef, true, Collections
.<SimplePermissionEntry> emptySet());
npe = snpe;
}
else
{
npe = createSimpleNodePermissionEntry(nodeRef);
}
// done
if (logger.isDebugEnabled())
{
logger.debug("Created access control list for node: \n" + " node: " + nodeRef + "\n" + " acl: " + npe);
}
return npe;
}
/**
* Get the persisted access control list or create it if required.
*
* @param nodeRef -
* the node for which to create the list
* @param create -
* create the object if it is missing
* @return Returns the current access control list or null if not found
*/
private DbAccessControlList getAccessControlList(NodeRef nodeRef, boolean create)
{
DbAccessControlList acl = getACLDAO(nodeRef).getAccessControlList(nodeRef);
if (acl == null && create)
{
acl = createAccessControlList(nodeRef);
}
// done
if (logger.isDebugEnabled())
{
logger.debug("Retrieved access control list: \n" + " node: " + nodeRef + "\n" + " list: " + acl);
}
return acl;
}
/**
* Creates an access control list for the node and removes the entry from the nullPermsionCache.
*/
private DbAccessControlList createAccessControlList(NodeRef nodeRef)
{
DbAccessControlList acl = new DbAccessControlListImpl();
acl.setInherits(INHERIT_PERMISSIONS_DEFAULT);
getHibernateTemplate().save(acl);
// maintain inverse
getACLDAO(nodeRef).setAccessControlList(nodeRef, acl);
// done
if (logger.isDebugEnabled())
{
logger.debug("Created Access Control List: \n" + " node: " + nodeRef + "\n" + " list: " + acl);
}
return acl;
}
public void deletePermissions(NodeRef nodeRef)
@@ -251,7 +132,7 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
DbAccessControlList acl = null;
try
{
acl = getAccessControlList(nodeRef, false);
acl = getAccessControlList(nodeRef);
}
catch (InvalidNodeRefException e)
{
@@ -259,422 +140,32 @@ public class PermissionsDaoComponentImpl extends HibernateDaoSupport implements
}
if (acl != null)
{
// maintain referencial integrity
getACLDAO(nodeRef).setAccessControlList(nodeRef, null);
// delete the access control list - it will cascade to the entries
getHibernateTemplate().delete(acl);
}
}
@SuppressWarnings("unchecked")
public void deletePermissions(final String authority)
{
// get the authority
HibernateCallback callback = new HibernateCallback()
{
public Object doInHibernate(Session session)
if (acl.getInheritsFrom() != null)
{
Query query = session.getNamedQuery(QUERY_GET_AC_ENTRIES_FOR_AUTHORITY).setString("authorityRecipient",
authority);
return (Integer) HibernateHelper.deleteDbAccessControlEntries(session, query);
Long deleted = acl.getId();
Long inheritsFrom = acl.getInheritsFrom();
getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(inheritsFrom));
aclDaoComponent.deleteAccessControlList(acl.getId());
List<AclChange> changes = new ArrayList<AclChange>();
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, inheritsFrom));
getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
}
};
Integer deletedCount = (Integer) getHibernateTemplate().execute(callback);
// done
if (logger.isDebugEnabled())
{
logger.debug("Deleted " + deletedCount + " entries for authority " + authority);
}
}
public void deletePermissions(final NodeRef nodeRef, final String authority)
{
DbAccessControlList acl = null;
try
{
acl = getACLDAO(nodeRef).getAccessControlList(nodeRef);
}
catch (InvalidNodeRefException e)
{
return;
}
int deletedCount = 0;
if (acl != null)
{
deletedCount = acl.deleteEntriesForAuthority(authority);
}
// done
if (logger.isDebugEnabled())
{
logger.debug("Deleted "
+ deletedCount + "entries for criteria: \n" + " node: " + nodeRef + "\n" + " authority: "
+ authority);
}
}
/**
* Deletes all permission entries (access control list entries) that match the given criteria. Note that the access
* control list for the node is not deleted.
*/
public void deletePermission(NodeRef nodeRef, String authority, PermissionReference permission)
{
DbAccessControlList acl = null;
try
{
acl = getACLDAO(nodeRef).getAccessControlList(nodeRef);
}
catch (InvalidNodeRefException e)
{
return;
}
int deletedCount = 0;
if (acl != null)
{
DbPermissionKey permissionKey = new DbPermissionKey(permission.getQName(), permission.getName());
deletedCount = acl.deleteEntry(authority, permissionKey);
}
// done
if (logger.isDebugEnabled())
{
logger.debug("Deleted "
+ deletedCount + "entries for criteria: \n" + " node: " + nodeRef + "\n" + " permission: "
+ permission + "\n" + " authority: " + authority);
}
}
public void setPermission(NodeRef nodeRef, String authority, PermissionReference permission, boolean allow)
{
// get the entry
DbAccessControlEntry entry = getAccessControlEntry(nodeRef, authority, permission);
if (entry == null)
{
// need to create it
DbAccessControlList dbAccessControlList = getAccessControlList(nodeRef, true);
DbPermission dbPermission = getPermission(permission, true);
DbAuthority dbAuthority = getAuthority(authority, true);
// set persistent objects
entry = dbAccessControlList.newEntry(dbPermission, dbAuthority, allow);
// done
if (logger.isDebugEnabled())
else
{
logger.debug("Created new access control entry: " + entry);
}
}
else
{
entry.setAllowed(allow);
// done
if (logger.isDebugEnabled())
{
logger.debug("Updated access control entry: " + entry);
// TODO: could just cear out existing
Long deleted = acl.getId();
SimpleAccessControlListProperties properties = new SimpleAccessControlListProperties();
properties.setAclType(ACLType.DEFINING);
properties.setInherits(Boolean.FALSE);
// Accept default versioning
Long id = aclDaoComponent.createAccessControlList(properties);
getACLDAO(nodeRef).setAccessControlList(nodeRef, aclDaoComponent.getDbAccessControlList(id));
aclDaoComponent.deleteAccessControlList(acl.getId());
List<AclChange> changes = new ArrayList<AclChange>();
changes.addAll(getACLDAO(nodeRef).setInheritanceForChildren(nodeRef, id));
getACLDAO(nodeRef).updateChangedAcls(nodeRef, changes);
}
}
}
/**
* @param nodeRef
* the node against which to join
* @param authority
* the authority against which to join
* @param perm
* the permission against which to join
* @return Returns all access control entries that match the criteria
*/
private DbAccessControlEntry getAccessControlEntry(NodeRef nodeRef, String authority, PermissionReference permission)
{
DbAccessControlList acl = getAccessControlList(nodeRef, false);
DbAccessControlEntry entry = null;
if (acl != null)
{
DbPermissionKey permissionKey = new DbPermissionKey(permission.getQName(), permission.getName());
entry = acl.getEntry(authority, permissionKey);
}
// done
if (logger.isDebugEnabled())
{
logger.debug(""
+ (entry == null ? "Did not find" : "Found") + " entry for criteria: \n" + " node: " + nodeRef
+ "\n" + " authority: " + authority + "\n" + " permission: " + permission);
}
return entry;
}
/**
* Utility method to find or create a persisted authority
*/
private DbAuthority getAuthority(String authority, boolean create)
{
DbAuthority entity = (DbAuthority) getHibernateTemplate().get(DbAuthorityImpl.class, authority);
if ((entity == null) && create)
{
entity = new DbAuthorityImpl();
entity.setRecipient(authority);
getHibernateTemplate().save(entity);
return entity;
}
else
{
return entity;
}
}
/**
* Utility method to find and optionally create a persisted permission.
*/
private DbPermission getPermission(PermissionReference permissionRef, final boolean create)
{
final QName qname = permissionRef.getQName();
final String name = permissionRef.getName();
Session session = getSession();
DbPermission dbPermission = DbPermissionImpl.find(session, qname, name);
// create if necessary
if ((dbPermission == null) && create)
{
dbPermission = new DbPermissionImpl();
dbPermission.setTypeQname(qname);
dbPermission.setName(name);
getHibernateTemplate().save(dbPermission);
}
return dbPermission;
}
public void setPermission(PermissionEntry permissionEntry)
{
setPermission(permissionEntry.getNodeRef(), permissionEntry.getAuthority(), permissionEntry
.getPermissionReference(), permissionEntry.isAllowed());
}
public void setPermission(NodePermissionEntry nodePermissionEntry)
{
NodeRef nodeRef = nodePermissionEntry.getNodeRef();
// Get the access control list
// Note the logic here requires to know whether it was created or not
DbAccessControlList acl = getAccessControlList(nodeRef, false);
if (acl != null)
{
// maintain referencial integrity
getACLDAO(nodeRef).setAccessControlList(nodeRef, null);
// drop the list
getHibernateTemplate().delete(acl);
}
// create the access control list
acl = createAccessControlList(nodeRef);
// set attributes
acl.setInherits(nodePermissionEntry.inheritPermissions());
// add all entries
for (PermissionEntry pe : nodePermissionEntry.getPermissionEntries())
{
PermissionReference permission = pe.getPermissionReference();
String authority = pe.getAuthority();
boolean isAllowed = pe.isAllowed();
DbPermission permissionEntity = getPermission(permission, true);
DbAuthority authorityEntity = getAuthority(authority, true);
@SuppressWarnings("unused")
DbAccessControlEntryImpl entry = acl.newEntry(permissionEntity, authorityEntity, isAllowed);
}
}
public void setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions)
{
DbAccessControlList acl = null;
if (!inheritParentPermissions)
{
// Inheritance == true is the default, so only force a create of the ACL if the value false
acl = getAccessControlList(nodeRef, true);
acl.setInherits(false);
}
else
{
acl = getAccessControlList(nodeRef, false);
if (acl != null)
{
acl.setInherits(true);
}
}
}
public boolean getInheritParentPermissions(NodeRef nodeRef)
{
DbAccessControlList acl = null;
try
{
acl = getAccessControlList(nodeRef, false);
}
catch (InvalidNodeRefException e)
{
return INHERIT_PERMISSIONS_DEFAULT;
}
if (acl == null)
{
return true;
}
else
{
return acl.getInherits();
}
}
// Utility methods to create simple detached objects for the outside world
// We do not pass out the hibernate objects
private SimpleNodePermissionEntry createSimpleNodePermissionEntry(NodeRef nodeRef)
{
DbAccessControlList acl = getACLDAO(nodeRef).getAccessControlList(nodeRef);
if (acl == null)
{
// there isn't an access control list for the node - spoof a null one
SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(nodeRef, true, Collections
.<SimplePermissionEntry> emptySet());
return snpe;
}
else
{
Set<DbAccessControlEntry> entries = acl.getEntries();
SimpleNodePermissionEntry snpe = new SimpleNodePermissionEntry(nodeRef, acl.getInherits(),
createSimplePermissionEntries(nodeRef, entries));
return snpe;
}
}
/**
* @param entries
* access control entries
* @return Returns a unique set of entries that can be given back to the outside world
*/
private Set<SimplePermissionEntry> createSimplePermissionEntries(NodeRef nodeRef,
Collection<DbAccessControlEntry> entries)
{
if (entries == null)
{
return null;
}
HashSet<SimplePermissionEntry> spes = new HashSet<SimplePermissionEntry>(entries.size(), 1.0f);
if (entries.size() != 0)
{
for (DbAccessControlEntry entry : entries)
{
spes.add(createSimplePermissionEntry(nodeRef, entry));
}
}
return spes;
}
private static SimplePermissionEntry createSimplePermissionEntry(NodeRef nodeRef, DbAccessControlEntry ace)
{
if (ace == null)
{
return null;
}
return new SimplePermissionEntry(nodeRef, createSimplePermissionReference(ace.getPermission()), ace
.getAuthority().getRecipient(), ace.isAllowed() ? AccessStatus.ALLOWED : AccessStatus.DENIED);
}
private static SimplePermissionReference createSimplePermissionReference(DbPermission perm)
{
if (perm == null)
{
return null;
}
return new SimplePermissionReference(perm.getTypeQname(), perm.getName());
}
/**
* Helper to choose appropriate NodeService for the given NodeRef
*
* @param nodeRef
* The NodeRef to dispatch from.
* @return The appropriate NodeService.
*/
private AccessControlListDAO getACLDAO(NodeRef nodeRef)
{
AccessControlListDAO ret = fProtocolToACLDAO.get(nodeRef.getStoreRef().getProtocol());
if (ret == null)
{
return fDefaultACLDAO;
}
return ret;
}
@SuppressWarnings("unchecked")
public Map<NodeRef, Set<AccessPermission>> getAllSetPermissions(final String authority)
{
// get the authority
HibernateCallback callback = new HibernateCallback()
{
public Object doInHibernate(Session session)
{
Query query = session.getNamedQuery(QUERY_GET_ALL_AC_ENTRIES_FOR_AUTHORITY).setString(
"authorityRecipient", authority);
Map<NodeRef, Set<AccessPermission>> result = new HashMap<NodeRef, Set<AccessPermission>>();
ScrollableResults entities = query.scroll(ScrollMode.FORWARD_ONLY);
while (entities.next())
{
DbAccessControlEntry entry = (DbAccessControlEntry) entities.get(0);
// DbAccessControlList acl = (DbAccessControlList) entities.get(1);
Node node = (Node) entities.get(2);
DbPermission dbPermission = entry.getPermission();
PermissionReferenceImpl pr = new PermissionReferenceImpl(dbPermission.getTypeQname(), dbPermission
.getName());
AccessStatus accessStatus = entry.isAllowed() ? AccessStatus.ALLOWED : AccessStatus.DENIED;
AccessPermission ap = new AccessPermissionImpl(pr.toString(), accessStatus, entry.getAuthority()
.getRecipient());
NodeRef nodeRef = node.getNodeRef();
Set<AccessPermission> nodeSet = result.get(nodeRef);
if (nodeSet == null)
{
nodeSet = new HashSet<AccessPermission>();
result.put(nodeRef, nodeSet);
}
nodeSet.add(ap);
}
return result;
}
};
return (Map<NodeRef, Set<AccessPermission>>) getHibernateTemplate().execute(callback);
}
public Set<NodeRef> findNodeByPermission(final String authority, final PermissionReference permission, final boolean allow)
{
// get the authority
HibernateCallback callback = new HibernateCallback()
{
public Object doInHibernate(Session session)
{
Query query = session.getNamedQuery(QUERY_FIND_NODES_BY_PERMISSION).setString(
"authorityRecipient", authority).setBoolean("allow", allow).setString("permissionName", permission.getName()).setString("permissionTypeQname", permission.getQName().toString());
Set<NodeRef> result = new HashSet<NodeRef>();
ScrollableResults entities = query.scroll(ScrollMode.FORWARD_ONLY);
while (entities.next())
{
DbAccessControlEntry entry = (DbAccessControlEntry) entities.get(0);
// DbAccessControlList acl = (DbAccessControlList) entities.get(1);
Node node = (Node) entities.get(2);
DbPermission dbPermission = entry.getPermission();
PermissionReferenceImpl pr = new PermissionReferenceImpl(dbPermission.getTypeQname(), dbPermission
.getName());
AccessStatus accessStatus = entry.isAllowed() ? AccessStatus.ALLOWED : AccessStatus.DENIED;
AccessPermission ap = new AccessPermissionImpl(pr.toString(), accessStatus, entry.getAuthority()
.getRecipient());
NodeRef nodeRef = node.getNodeRef();
result.add(nodeRef);
}
return result;
}
};
return (Set<NodeRef>) getHibernateTemplate().execute(callback);
}
}