inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Checkpoint of light weight ACLs.

Browse Source 
This is a fairly brute force strategy that allows permissions evalutations
with essentially no db access. It does a number of 'bad' things and I may
rip it out completely.


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@6788 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Britt Park
2007-09-14 12:39:07 +00:00
parent d9590d3677
commit fb81fb4470
26 changed files with 1424 additions and 180 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
source/java/org/alfresco/repo/simple/permission/ACLImpl.java
View File

@@ -31,10 +31,9 @@ import java.util.Map;
import java.util.Set;
import org.alfresco.repo.avm.util.RawServices;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.simple.permission.ACL;
import org.alfresco.service.simple.permission.CapabilityRegistry;
import org.alfresco.service.simple.permission.AuthorityCapabilityRegistry;
/**
* Basic implementation of a simple ACL.
@@ -64,15 +63,10 @@ public class ACLImpl implements ACL
*/
private String fStringRep;
/**
* Reference to the authority service.
*/
private transient AuthorityService fAuthorityService;
/**
* Reference to the capability registry.
*/
private transient CapabilityRegistry fCapabilityRegistry;
private transient AuthorityCapabilityRegistry fCapabilityRegistry;
/**
* Initialize a brand new one.
@@ -81,8 +75,7 @@ public class ACLImpl implements ACL
public ACLImpl(boolean inherit)
{
fInherit = inherit;
fAuthorityService = RawServices.Instance().getAuthorityService();
fCapabilityRegistry = RawServices.Instance().getCapabilityRegistry();
fCapabilityRegistry = RawServices.Instance().getAuthorityCapabilityRegistry();
fAllowed = new HashMap<String, Set<String>>();
fDenied = new HashMap<String, Set<String>>();
fStringRep = null;
@@ -164,12 +157,21 @@ public class ACLImpl implements ACL
for (String entryRep : segments)
{
String[] entryRegs = entryRep.split(";");
String capability = fCapabilityRegistry.getCapabilityName(Integer.parseInt(entryRegs[0], 16));
String capability = fCapabilityRegistry.getCapabilityName(Integer.parseInt(entryRegs[0], 32));
if (capability == null)
{
continue;
}
Set<String> authorities = new HashSet<String>();
map.put(capability, authorities);
for (int i = 1; i < entryRegs.length; ++i)
{
authorities.add(entryRegs[i]);
String authority = fCapabilityRegistry.getAuthorityName(Integer.parseInt(entryRegs[i], 32));
if (authority == null)
{
continue;
}
authorities.add(authority);
}
}
}
@@ -196,7 +198,7 @@ public class ACLImpl implements ACL
}
for (String auth : denied)
{
if (fAuthorityService.getContainedAuthorities(null, auth, false).contains(authority))
if (fCapabilityRegistry.getContainedAuthorities(auth).contains(authority))
{
return false;
}
@@ -212,7 +214,7 @@ public class ACLImpl implements ACL
}
for (String auth : allowed)
{
if (fAuthorityService.getContainedAuthorities(null, auth, false).contains(authority))
if (fCapabilityRegistry.getContainedAuthorities(auth).contains(authority))
{
return true;
}
@@ -270,7 +272,7 @@ public class ACLImpl implements ACL
allowed.addAll(expAllowed);
for (String authority : expAllowed)
{
allowed.addAll(fAuthorityService.getContainedAuthorities(null, authority, false));
allowed.addAll(fCapabilityRegistry.getContainedAuthorities(authority));
}
// Now remove based on denials.
Set<String> denied = fDenied.get(capability);
@@ -282,7 +284,7 @@ public class ACLImpl implements ACL
// Now those that are indirectly denied.
for (String authority : denied)
{
allowed.removeAll(fAuthorityService.getContainedAuthorities(null, authority, false));
allowed.removeAll(fCapabilityRegistry.getContainedAuthorities(authority));
}
return allowed;
}
@@ -296,7 +298,7 @@ public class ACLImpl implements ACL
AuthorityType type = AuthorityType.getAuthorityType(authority);
if (type == AuthorityType.ADMIN)
{
return fCapabilityRegistry.getAll();
return fCapabilityRegistry.getAllCapabilities();
}
Set<String> capabilities = new HashSet<String>();
// First run through the allowed entries.
@@ -310,7 +312,7 @@ public class ACLImpl implements ACL
}
if (containers == null)
{
containers = fAuthorityService.getContainingAuthorities(null, authority, false);
containers = fCapabilityRegistry.getContainerAuthorities(authority);
}
for (String auth : containers)
{
@@ -336,7 +338,7 @@ public class ACLImpl implements ACL
}
if (containers == null)
{
containers = fAuthorityService.getContainingAuthorities(null, authority, false);
containers = fCapabilityRegistry.getContainerAuthorities(authority);
}
for (String auth : containers)
{
@@ -365,11 +367,11 @@ public class ACLImpl implements ACL
int count = 0;
for (Map.Entry<String, Set<String>> entry : fAllowed.entrySet())
{
builder.append(Integer.toString(fCapabilityRegistry.getCapabilityID(entry.getKey()), 16));
builder.append(Integer.toString(fCapabilityRegistry.getCapabilityID(entry.getKey()), 32));
for (String authority : entry.getValue())
{
builder.append(';');
builder.append(authority);
builder.append(Integer.toString(fCapabilityRegistry.getAuthorityID(authority), 32));
}
if (count++ < fAllowed.size() - 1)
{
@@ -380,11 +382,11 @@ public class ACLImpl implements ACL
count = 0;
for (Map.Entry<String, Set<String>> entry : fDenied.entrySet())
{
builder.append(Integer.toString(fCapabilityRegistry.getCapabilityID(entry.getKey()), 16));
builder.append(Integer.toString(fCapabilityRegistry.getCapabilityID(entry.getKey()), 32));
for (String authority : entry.getValue())
{
builder.append(';');
builder.append(authority);
builder.append(Integer.toString(fCapabilityRegistry.getAuthorityID(authority), 32));
}
if (count++ < fDenied.size() - 1)
{