mirror of
https://github.com/Alfresco/alfresco-community-repo.git
synced 2025-07-24 17:32:48 +00:00
Updates to the permission service to find nodes by permission assignment
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@6020 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Andrew Hind
@@ -0,0 +1,102 @@
|
||||
/*
|
||||
* Copyright (C) 2005-2007 Alfresco Software Limited.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU General Public License
|
||||
* as published by the Free Software Foundation; either version 2
|
||||
* of the License, or (at your option) any later version.
|
||||
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
|
||||
* As a special exception to the terms and conditions of version 2.0 of
|
||||
* the GPL, you may redistribute this Program in connection with Free/Libre
|
||||
* and Open Source Software ("FLOSS") applications as described in Alfresco's
|
||||
* FLOSS exception. You should have recieved a copy of the text describing
|
||||
* the FLOSS exception, and it is also available here:
|
||||
* http://www.alfresco.com/legal/licensing"
|
||||
*/
|
||||
package org.alfresco.repo.security.permissions.impl;
|
||||
|
||||
import org.alfresco.service.cmr.security.AccessPermission;
|
||||
import org.alfresco.service.cmr.security.AccessStatus;
|
||||
import org.alfresco.service.cmr.security.AuthorityType;
|
||||
|
||||
/**
|
||||
* Standard implementation for access permission info
|
||||
* @author andyh
|
||||
*
|
||||
*/
|
||||
public class AccessPermissionImpl implements AccessPermission
|
||||
{
|
||||
private String permission;
|
||||
|
||||
private AccessStatus accessStatus;
|
||||
|
||||
private String authority;
|
||||
|
||||
private AuthorityType authorityType;
|
||||
|
||||
public AccessPermissionImpl(String permission, AccessStatus accessStatus, String authority)
|
||||
{
|
||||
this.permission = permission;
|
||||
this.accessStatus = accessStatus;
|
||||
this.authority = authority;
|
||||
this.authorityType = AuthorityType.getAuthorityType(authority);
|
||||
}
|
||||
|
||||
public String getPermission()
|
||||
{
|
||||
return permission;
|
||||
}
|
||||
|
||||
public AccessStatus getAccessStatus()
|
||||
{
|
||||
return accessStatus;
|
||||
}
|
||||
|
||||
public String getAuthority()
|
||||
{
|
||||
return authority;
|
||||
}
|
||||
|
||||
public AuthorityType getAuthorityType()
|
||||
{
|
||||
return authorityType;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString()
|
||||
{
|
||||
return accessStatus + " " + this.permission + " - " + this.authority + " (" + this.authorityType + ")";
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(Object o)
|
||||
{
|
||||
if (this == o)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
if (!(o instanceof AccessPermissionImpl))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
AccessPermissionImpl other = (AccessPermissionImpl) o;
|
||||
return this.getPermission().equals(other.getPermission())
|
||||
&& (this.getAccessStatus() == other.getAccessStatus() && (this.getAccessStatus().equals(other
|
||||
.getAccessStatus())));
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode()
|
||||
{
|
||||
return ((authority.hashCode() * 37) + permission.hashCode()) * 37 + accessStatus.hashCode();
|
||||
}
|
||||
}
|
||||
@@ -28,6 +28,7 @@ import java.io.Serializable;
|
||||
import java.util.HashSet;
|
||||
import java.util.LinkedHashSet;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import net.sf.acegisecurity.Authentication;
|
||||
@@ -52,7 +53,6 @@ import org.alfresco.service.cmr.repository.NodeService;
|
||||
import org.alfresco.service.cmr.security.AccessPermission;
|
||||
import org.alfresco.service.cmr.security.AccessStatus;
|
||||
import org.alfresco.service.cmr.security.AuthorityService;
|
||||
import org.alfresco.service.cmr.security.AuthorityType;
|
||||
import org.alfresco.service.cmr.security.PermissionService;
|
||||
import org.alfresco.service.namespace.NamespaceService;
|
||||
import org.alfresco.service.namespace.QName;
|
||||
@@ -280,74 +280,6 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
|
||||
return accessPermissions;
|
||||
}
|
||||
|
||||
private class AccessPermissionImpl implements AccessPermission
|
||||
{
|
||||
private String permission;
|
||||
|
||||
private AccessStatus accessStatus;
|
||||
|
||||
private String authority;
|
||||
|
||||
private AuthorityType authorityType;
|
||||
|
||||
AccessPermissionImpl(String permission, AccessStatus accessStatus, String authority)
|
||||
{
|
||||
this.permission = permission;
|
||||
this.accessStatus = accessStatus;
|
||||
this.authority = authority;
|
||||
this.authorityType = AuthorityType.getAuthorityType(authority);
|
||||
}
|
||||
|
||||
public String getPermission()
|
||||
{
|
||||
return permission;
|
||||
}
|
||||
|
||||
public AccessStatus getAccessStatus()
|
||||
{
|
||||
return accessStatus;
|
||||
}
|
||||
|
||||
public String getAuthority()
|
||||
{
|
||||
return authority;
|
||||
}
|
||||
|
||||
public AuthorityType getAuthorityType()
|
||||
{
|
||||
return authorityType;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString()
|
||||
{
|
||||
return accessStatus + " " + this.permission + " - " + this.authority + " (" + this.authorityType + ")";
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean equals(Object o)
|
||||
{
|
||||
if (this == o)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
if (!(o instanceof AccessPermissionImpl))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
AccessPermissionImpl other = (AccessPermissionImpl) o;
|
||||
return this.getPermission().equals(other.getPermission())
|
||||
&& (this.getAccessStatus() == other.getAccessStatus() && (this.getAccessStatus().equals(other
|
||||
.getAccessStatus())));
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode()
|
||||
{
|
||||
return ((authority.hashCode() * 37) + permission.hashCode()) * 37 + accessStatus.hashCode();
|
||||
}
|
||||
}
|
||||
|
||||
public Set<String> getSettablePermissions(NodeRef nodeRef)
|
||||
{
|
||||
Set<PermissionReference> settable = getSettablePermissionReferences(nodeRef);
|
||||
@@ -495,13 +427,16 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
|
||||
{
|
||||
auths.add(authority.getAuthority());
|
||||
}
|
||||
if (dynamicAuthorities != null)
|
||||
if (nodeRef != null)
|
||||
{
|
||||
for (DynamicAuthority da : dynamicAuthorities)
|
||||
if (dynamicAuthorities != null)
|
||||
{
|
||||
if (da.hasAuthority(nodeRef, user.getUsername()))
|
||||
for (DynamicAuthority da : dynamicAuthorities)
|
||||
{
|
||||
auths.add(da.getAuthority());
|
||||
if (da.hasAuthority(nodeRef, user.getUsername()))
|
||||
{
|
||||
auths.add(da.getAuthority());
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -698,7 +633,8 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
|
||||
// Set the required node permissions
|
||||
if (required.equals(getPermissionReference(ALL_PERMISSIONS)))
|
||||
{
|
||||
nodeRequirements = modelDAO.getRequiredPermissions(getPermissionReference(PermissionService.FULL_CONTROL), typeQName, aspectQNames,
|
||||
nodeRequirements = modelDAO.getRequiredPermissions(
|
||||
getPermissionReference(PermissionService.FULL_CONTROL), typeQName, aspectQNames,
|
||||
RequiredPermission.On.NODE);
|
||||
}
|
||||
else
|
||||
@@ -1199,4 +1135,56 @@ public class PermissionServiceImpl implements PermissionServiceSPI, Initializing
|
||||
return value;
|
||||
}
|
||||
}
|
||||
|
||||
public Map<NodeRef, Set<AccessPermission>> getAllSetPermissionsForTheCurrentUser()
|
||||
{
|
||||
String currentUser = authenticationComponent.getCurrentUserName();
|
||||
return getAllSetPermissions(currentUser);
|
||||
}
|
||||
|
||||
public Map<NodeRef, Set<AccessPermission>> getAllSetPermissions(String authority)
|
||||
{
|
||||
return permissionsDaoComponent.getAllSetPermissions(authority);
|
||||
}
|
||||
|
||||
public Set<NodeRef> findNodesByAssignedPermissionForTheCurrentUser(String permission, boolean allow, boolean includeContainingAuthorities,
|
||||
boolean exactPermissionMatch)
|
||||
{
|
||||
String currentUser = authenticationComponent.getCurrentUserName();
|
||||
return findNodesByAssignedPermission(currentUser, permission, allow, includeContainingAuthorities, exactPermissionMatch);
|
||||
}
|
||||
|
||||
public Set<NodeRef> findNodesByAssignedPermission(String authority, String permission, boolean allow,
|
||||
boolean includeContainingAuthorities, boolean includeContainingPermissions)
|
||||
{
|
||||
// TODO: owned nodes and add owner rights ??
|
||||
// Does not include dynamic permissions (they would have to be done by query - e.g. owership and OWNER rights)
|
||||
// Does not include ACEGI auth object authorities
|
||||
Set<String> authorities = new HashSet<String>();
|
||||
authorities.add(authority);
|
||||
if (includeContainingAuthorities)
|
||||
{
|
||||
authorities.addAll(authorityService.getAuthoritiesForUser(authority));
|
||||
}
|
||||
|
||||
HashSet<NodeRef> answer = new HashSet<NodeRef>();
|
||||
|
||||
PermissionReference pr = getPermissionReference(permission);
|
||||
Set<PermissionReference> permissions = new HashSet<PermissionReference>();
|
||||
permissions.add(pr);
|
||||
|
||||
if (includeContainingPermissions)
|
||||
{
|
||||
permissions.addAll(modelDAO.getGrantingPermissions(pr));
|
||||
}
|
||||
|
||||
for (PermissionReference perm : permissions)
|
||||
{
|
||||
for (String auth : authorities)
|
||||
{
|
||||
answer.addAll(permissionsDaoComponent.findNodeByPermission(auth, perm, allow));
|
||||
}
|
||||
}
|
||||
return answer;
|
||||
}
|
||||
}
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -24,10 +24,14 @@
|
||||
*/
|
||||
package org.alfresco.repo.security.permissions.impl;
|
||||
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import org.alfresco.repo.security.permissions.NodePermissionEntry;
|
||||
import org.alfresco.repo.security.permissions.PermissionEntry;
|
||||
import org.alfresco.repo.security.permissions.PermissionReference;
|
||||
import org.alfresco.service.cmr.repository.NodeRef;
|
||||
import org.alfresco.service.cmr.security.AccessPermission;
|
||||
|
||||
/**
|
||||
* The API for accessing persisted Alfresco permissions.
|
||||
@@ -116,4 +120,21 @@ public interface PermissionsDaoComponent
|
||||
* @return inheritParentPermissions
|
||||
*/
|
||||
public boolean getInheritParentPermissions(NodeRef nodeRef);
|
||||
|
||||
/**
|
||||
* Get all the permissions set for the given authority
|
||||
*
|
||||
* @param authority
|
||||
* @return - the permissions set on all nodes for the given authority.
|
||||
*/
|
||||
public Map<NodeRef, Set<AccessPermission>> getAllSetPermissions(String authority);
|
||||
|
||||
/**
|
||||
* Find nodes which have the given permisson for the given authority
|
||||
* @param authority - the authority to match
|
||||
* @param permission - the permission to match
|
||||
* @param allow - true to match allow, false to match deny
|
||||
* @return - the set of matching nodes
|
||||
*/
|
||||
public Set<NodeRef> findNodeByPermission(String authority, PermissionReference permission, boolean allow);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user